Unified IPv6 DNS Security

While DJBDNS is the unsurpassed DNS content and cache server implementation written by Daniel Bernstein, it lacks IPv6 features. Using Felix von Leitner's IPv6 add-on, we have included Matthew Dempsky's DNSCurve patch utilizing Bernstein's approach to provided a full solution.

In order to achieve DNS message enrcyption on the server side, you need to install Harm von Tilborg's CurveDNS server along-side with Daniel Bernstein's, Tanja Lange's, and Peter Schwabe's NaCl library.

Download sources

Meanwhile, Harm van Tilborg, Jeroen Schreeder, and Lieuwe Jan Koning have started a similar project and released

Additional resources:

Before fragmenting the available software even more, I stall my project and check for those resources.

Upcoming events

Currently, I'am working on

My roll-out plan for DJBDNSCurve6 stretches several phases:

  1. Phase: DJBDNS6 based on Qlibs (and it's DNS stub resolver routines) conforming to slashpackage installation conventions and covering IPv6 completely. This is the basic framework.
  2. Phase: DJBDNS6++ understanding EDNS(0) and support for current CurveDNS implementation.
  3. Phase: Integrated DNSCurve implementation based on NaCL.

The integration of IPv6 and DNS on network level is rather frustrating. Ever tried to set up a DNS Server listening on 'fe80::1%eth0' and enabling to reach it via /etc/resolv.conf? Ever heard of IPvFuture?

The release is due in 2018+.