About the Valibox
What is the Valibox?
The Valibox is a software image for OpenWRT-supported home router devices that secures domain name lookups with DNSSEC. With it, you can secure the process that converts a domain name to its corresponding IP address. You can find more information about DNSSEC on sidn.nl.
You can use a router with the Valibox software in an existing network; it provides its own Wi-Fi network, on which DNSSEC validation is enabled.
In addition to basic DNSSEC support, it also catches DNSSEC errors and gives the user the option to temporarily ignore those errors.
Why use the Valibox?
The Valibox performs DNSSEC validation out of the box. You are in control of the security of DNS resolution, and you are not dependent on your Internet Service Provider for DNSSEC validation.
If DNSSEC validation fails, it could be caused by an administrator error; in that case there is an easy way to (temporarily) ignore the error.
How does it work?
Internally, the Valibox runs a slightly modified DNSSEC-validating resolver. When it encounters a DNSSEC error, it redirects the user to a web application running on the Valibox, rather than just returning an error.
That web application allows the user to temporarily set a so-called 'Negative Trust Anchor' (NTA) for a domain name, which makes the resolver return the DNS answer for that domain name despite DNSSEC errors.
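The decision described above, modelled as an added example; it is not Valibox code. PORTAL_IP, NTA_LIFETIME, NtaStore and respond are hypothetical names with constructed values. Letting an NTA cover the name and everything below it, and letting it expire, follows the general NTA definition in RFC 7646.

```python
import time

# Constructed values; the page gives neither the web application's address
# nor how long an NTA lasts.
PORTAL_IP = "192.0.2.1"   # hypothetical address of the web application
NTA_LIFETIME = 3600       # hypothetical NTA lifetime in seconds


def _labels(name):
    """Normalise a domain name to a list of lower-case labels."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


class NtaStore:
    """Temporary Negative Trust Anchors, keyed by domain name."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._expiry = {}  # tuple of labels -> expiry timestamp

    def add(self, domain, lifetime=NTA_LIFETIME):
        self._expiry[tuple(_labels(domain))] = self._clock() + lifetime

    def covers(self, qname):
        """True if qname is at or below a domain with an unexpired NTA."""
        now = self._clock()
        # Drop expired anchors so an ignored error does not stay ignored.
        self._expiry = {d: t for d, t in self._expiry.items() if t > now}
        labels = _labels(qname)
        # Compare whole labels: "notbroken.example" must not match "broken.example".
        return any(tuple(labels[i:]) in self._expiry for i in range(len(labels)))


def respond(qname, status, answer, ntas):
    """Decide what the resolver hands back to the client.

    status is the validator's verdict: "secure", "insecure" or "bogus".
    """
    if status != "bogus":
        return ("answer", answer)
    if ntas.covers(qname):
        return ("answer", answer)      # user chose to ignore the DNSSEC error
    return ("redirect", PORTAL_IP)     # send the user to the web application
```

Keeping the anchor scoped to one domain and short-lived limits how long unvalidated answers for that name are accepted.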