Categories
Deploy360 Domain Name System Security Extensions (DNSSEC)

Weekend Project: Test Out New DNSSEC Support In Dnsmasq

Dnsmasq iconIf you run your own small network and are comfortable working with Linux, Android, *BSD, Solaris or Mac OS X, here’s a great way you could help advance DNSSEC: Simon Kelley is looking for people to test the new DNSSEC functionality he included in his latest development version of dnsmasq.

If you are not familiar with dnsmasq, it is a DNS fowarder and DHCP server that is already included in many versions of Linux, including Debian, Suse, Fedora, Gentoo and others.  From the dnsmasq website:

Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP/TFTP/PXE for network booting of diskless machines.

Dnsmasq is targeted at home networks using NAT and connected to the internet via a modem, cable-modem or ADSL connection but would be a good choice for any smallish network (up to 1000 clients is known to work) where low resource use and ease of configuration are important.

If you have a bit of time and could help Simon out with some testing, he would greatly appreciate it – and if this can mean that we’ll be able to get DNSSEC validation happening out in so many more distributions of Linux that would be a great win for making the Internet more secure!

Please read Simon’s message and you may also want to scan the email thread to see if there are any more updates or issues found.

Kudos to Simon for making this happen – and also to Comcast for providing enough funding that Simon was able to work on this full-time for a bit to get it working.