NGI0 grant for Software Heritage 2020/03/26

Hackers donate 90% of profit to charity 2019/06/13

NGI Zero awarded two EC research and innovation actions 2018/12/01

EC publishes study on Next Generation Internet 2025 2018/10/05

  Help grow the future. Donate

DNS Security Fund

DNSSEC is one of the key technologies for a safer internet - i quite literally actually, because it unlocks a mechanism for the internet user to (automatically) certify that he or she is being sent to the right computer or service on the internet. In addition, through DANE new security mechanisms can be bootstrapped effortlessly.

The DNSSEC fund is available for projects that help explore the possibilities of DNSSEC by building real world solutions, and finding novel use cases for this exciting technology.

For more information about donating to the DNSSEC Fund, or to NLnet in general, please email or contact us in any other way that works for you.

Background information

Domain names are vital to the way we use the internet, as businesses, public institutions and private individuals. While the original system of resolving domain names was very robust and has made tremendous innovation possible, it was also found to be open to serious abuse. DNSSEC provides a cryptographic seal of authenticity that gives real proof of the validity of the domain name you use when you visit a website, chat or send an email.

With DNSSEC you get what security specialists call a chain of trust from the root of the internet to the service you want to connect to - opening the way form many new exciting opportunities. DNSSEC is being gradually introduced worldwide, country by country.

Of course it is already a big win that the chain can henceforth be trusted up to the point where providers relay the answer to the client. But this is not good enough for perfectly normal use such as using a (potentially hostile) public wifi hotspot: for end users to fully benefit from DNSSEC in such cases, the software on the end user side should be able to validate DNSSEC signatures as well - especially on sensitive data like digital security keys and certificates. Most (but not all) applications depend on higher level services to handle DNS, which means that these service stacks need to be updated in all operating systems. Specific client software using their own built-in DNS services, like realtime communication software (e.g. SIP, XMPP), messaging servers and browsers, also will need to be adapted.

Every internet user deserves to be protected by DNSSEC in all situations, yet currently end user software is ready for DNSSEC. In order to speed up the process of introduction of DNSSEC, the Netherlands-based charity NLnet foundation announces that it will open a fund where open source projects can apply for grants to work on DNSSEC in their applications. Through a lightweight and fast procedure, projects can secure funding for reengineering software to reliably work with DNSSEC. Grants will be handed out on the basis of real-world impact, urgency and technical quality of the proposals. Proposals should adhere to the normal requirements for proposals at NLnet, and be no longer than 2 pages of text.

Some technology partially or fully funded through NLnet and the DNSSEC fund

Cosponsored by:



Send in your ideas.
Deadline June 1st, 2020.

Help fundraising for the open internet with 5 minutes of your time

Want to help but no money to spend? Help us by protecting open source and its users.

Please check out NLnet's theme funds, such as the Internet Hardening Fund, privacy and trust enhancing technologies, search, discovery and discoverability and the DNSSEC fund.

NGI Zero logo

Or talk to us.