February 8, 2014 archive
If you run your own small network and are comfortable working with Linux, Android, *BSD, Solaris or Mac OS X, here’s a great way you could help advance DNSSEC: Simon Kelley is looking for people to test the new DNSSEC functionality he included in his latest development version of dnsmasq.
If you are not familiar with dnsmasq, it is a DNS fowarder and DHCP server that is already included in many versions of Linux, including Debian, Suse, Fedora, Gentoo and others. From the dnsmasq website:
Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP/TFTP/PXE for network booting of diskless machines.
Dnsmasq is targeted at home networks using NAT and connected to the internet via a modem, cable-modem or ADSL connection but would be a good choice for any smallish network (up to 1000 clients is known to work) where low resource use and ease of configuration are important.
If you have a bit of time and could help Simon out with some testing, he would greatly appreciate it – and if this can mean that we’ll be able to get DNSSEC validation happening out in so many more distributions of Linux that would be a great win for making the Internet more secure!
Kudos to Simon for making this happen – and also to Comcast for providing enough funding that Simon was able to work on this full-time for a bit to get it working.