Robur private DNS resolver and DHCP server
Secure network configuration and DNS resolution
DHCP and DNS are fundamental Internet protocols: DHCP is used for dynamic IP address configuration in a local network, and DNS for resolving hostnames to IP addresses. In this project, we develop a robust DHCP server and DNS resolver as a MirageOS unikernel. MirageOS unikernels are self-contained virtual machine images composed only of the required OCaml libraries, which yields a binary with a minimal trusted code base and thus a minimized attack surface. The choice of OCaml, a memory-safe, functional, and statically typed language, avoids common attack vectors such as buffer overflows and double frees. MirageOS unikernels can be deployed on various hypervisors (Xen, KVM, BHyve), microkernels (Genode, Muen), or as a Unix binary (also with seccomp rules that allow only 10 system calls) on x86-64 and arm64. Several DHCP and DNS privacy extensions, extensive testing, and documentation are being worked on so that everyone can use it on their home router or in the data center. Migration of existing configurations (e.g. dnsmasq) to the Robur DNS resolver and DHCP server will be provided as well.
- The project's own website: https://robur.io
Why does this actually matter to end users?
How can you understand and trust a complex system, like the operating system managing the hardware and software on your computer? You can make the complexity (as well as the security) of a system more transparent by cutting it up into parts, compartmentalizing what does what, where information is stored, which processes talk to each other. This way users can be sure their system only does what it is supposed to do and know precisely what goes in and what comes out. This can be done through virtual machines, which are isolated simulations of operating systems or programs on a computer. Simply put, you create virtual rooms where only one thing happens and only you have the keys to each door. This can give users complete control over what happens on their computer and ensures that if some malicious software finds a way in, it cannot get to the other rooms. This can be very important if your device contains sensitive information, if some ill-meaning third party tries to listen in, or when the device is part of some crucial infrastructure and is targeted for attacks.
Security by isolation can be important, for example, to keep a server or host device safe that provides crucial network services. To get anywhere on the Internet, you need to have or be assigned an Internet Protocol (IP) address (which is handled by the Dynamic Host Configuration Protocol, DHCP), and you need to find out which IP address belongs to the website name you type into your browser bar (which the Domain Name System protocol helps to do, among other things through resolvers). A DHCP server and DNS resolver should be well protected to keep your web traffic safe. This project wants to build a DHCP server and DNS resolver in an isolated virtual machine. MirageOS is an operating system that can create unikernels: isolated virtual machines that run an operating system with a single purpose. Making sure that the system running your DHCP server and DNS resolver can only do those two things limits the possibilities for an attacker to get in. Simply put, you can protect or close a back door in your system, or you can make sure that there is no back door altogether. And to make extra sure that every client can rely on the server to protect its personal data, the DHCP server and DNS resolver will minimize the data they store and encrypt all communication as much as possible. This project can show in practice how a unikernel can make your DHCP server and DNS resolver more secure and protected against anyone trying to listen in on where you go online and who you communicate with.
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.