The Valibox is a software image for OpenWRT-supported home router
devices that secures domain name lookups with DNSSEC. With it, you can
secure the method that converts a domain name to its corresponding IP
address. You can find more information about DNSSEC on
You can use a router with the Valibox software in an existing network;
it provides its own Wifi network, on which DNSSEC-validation is
In addition to basic DNSSEC support, it also catches DNSSEC errors; and
gives the user the option to temporarily ignore those errors.
Why use the Valibox?
The Valibox performs DNSSEC-validation out-of-the-box. You are in
control of the security of DNS resolution, and you are not dependent on
your Internet Service Provider for DNSSEC-validation.
If DNSSEC-validation fails, it could be caused by an administrator
error; in that case there is an easy way to (temporarily) ignore the
How does it work?
Internally, the Valibox runs a slightly modified DNSSEC-validation
resolver that, when it encounters a DNSSEC error, redirects the user to
a web application running on the Valibox, rather than just returning an
That web application allows the user to temporarily set a so-called
‘Negative Trust Anchor’ (NTA) for a domain name, which makes the
resolver return the DNS answer for that domain name despite DNSSEC