What is the Valibox?

The Valibox is a software image for OpenWRT-supported home router devices that secures domain name lookups with DNSSEC. With it, you can secure the lookup that converts a domain name to its corresponding IP address. You can find more information about DNSSEC on sidn.nl.

You can use a router with the Valibox software in an existing network; it provides its own Wi-Fi network, on which DNSSEC validation is enabled.

In addition to basic DNSSEC support, it also catches DNSSEC errors and gives the user the option to temporarily ignore those errors.

Why use the Valibox?

DNSSEC validation

The Valibox performs DNSSEC validation out of the box. You are in control of the security of DNS resolution, and you are not dependent on your Internet Service Provider for DNSSEC validation.

User-friendly NTA management

If DNSSEC validation fails, the cause could be an administrator error; in that case there is an easy way to (temporarily) ignore the error.

How does it work?

Internally, the Valibox runs a slightly modified DNSSEC-validating resolver that, when it encounters a DNSSEC error, redirects the user to a web application running on the Valibox, rather than just returning an error.

That web application allows the user to temporarily set a so-called ‘Negative Trust Anchor’ (NTA) for a domain name, which makes the resolver return the DNS answer for that domain name despite DNSSEC errors.
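
The decision flow described above, modelled as an added example (this is not the Valibox's own code). The names NtaStore, resolve, PORTAL_IP and NTA_LIFETIME are hypothetical, and three behaviours are assumptions: the redirect is done by answering with the web application's address, an NTA lasts one hour, and an NTA also covers subdomains of the name it was set for.

```python
import time

PORTAL_IP = "192.0.2.1"  # assumed address of the Valibox web application
NTA_LIFETIME = 3600      # assumed lifetime in seconds; the page only says "temporarily"

def normalize(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()

class NtaStore:
    """Negative Trust Anchors keyed by domain name, each with an expiry time."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._expiry = {}

    def add(self, domain, lifetime=NTA_LIFETIME):
        self._expiry[normalize(domain)] = self._clock() + lifetime

    def covers(self, qname):
        """True if qname is, or lies below, a name with an unexpired NTA."""
        now = self._clock()
        self._expiry = {d: t for d, t in self._expiry.items() if t > now}
        labels = normalize(qname).split(".")
        # Match on whole labels only, so "evilbroken.example" is never
        # covered by an NTA that was set for "broken.example".
        return any(".".join(labels[i:]) in self._expiry for i in range(len(labels)))

def resolve(qname, upstream_answer, validation_ok, ntas):
    """Decide what the client receives. upstream_answer and validation_ok
    stand in for the real lookup and the real DNSSEC validation result."""
    if validation_ok:
        return {"answer": upstream_answer, "validated": True, "redirected": False}
    if ntas.covers(qname):
        # The user chose to ignore the error: answer is returned unvalidated.
        return {"answer": upstream_answer, "validated": False, "redirected": False}
    # Validation failed and no NTA is set: send the user to the web application.
    return {"answer": PORTAL_IP, "validated": False, "redirected": True}
```

Because the NTA expires on its own, a domain whose DNSSEC configuration stays broken falls back to the redirect once the lifetime has passed.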