Send in your ideas. Deadline October 1, 2024
Theme fund: NGI0 Entrust
Start: 2023-10
More projects like this
Middleware and identity


Privacy-enhanced DNS resolver and DHCP server

A secure and robust DHCP server and DNS resolver with a small resource footprint. We will develop a MirageOS unikernel providing these crucial network services. There are various privacy extensions (such as query name minimisation, and recently published opportunistic encryption between the resolver and the authoritative name server), as well as the possibility to deny resolution of configurable domain names (block lists). For enhanced security, we will implement DNSSec. We will provide DNS-over-TLS and DNS-over-HTTPS services. This will be a drop-in replacement for DNSvizor and Pi-hole.

The project builds on top of MirageOS: a library operating system developed in OCaml — a memory-safe functional programming language. In MirageOS, each service is a separate unikernel with a minimal attack surface that only contains the code required to run it. These unikernels are normally executed as a virtualized machine such as KVM, VirtIO, Xen. MirageOS also supports using a strict security feature of the Linux kernel called seccomp.

Run by Robur

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.