DNSvizor
Privacy-enhanced DNS resolver and DHCP server
A secure and robust DHCP server and DNS resolver with a small resource footprint. We will develop a MirageOS unikernel providing these crucial network services. There are various privacy extensions (such as query name minimisation, and recently published opportunistic encryption between the resolver and the authoritative name server), as well as the possibility to deny resolution of configurable domain names (block lists). For enhanced security, we will implement DNSSEC. We will provide DNS-over-TLS and DNS-over-HTTPS services. This will be a drop-in replacement for DNSvizor and Pi-hole.
The project builds on top of MirageOS, a library operating system developed in OCaml, a memory-safe functional programming language. In MirageOS, each service is a separate unikernel with a minimal attack surface, containing only the code required to run it. These unikernels are normally executed as virtual machines on platforms such as KVM, VirtIO, or Xen. MirageOS also supports using a strict security feature of the Linux kernel called seccomp.
- The project's own website: https://github.com/roburio/dnsvizor
Run by Robur
This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.