DNSSEC Validator 2.0 for web browsers

About

DNSSEC Validator 2.0 is a web browser add-on that lets you check the existence and validity of DNSSEC DNS records for the domain name in the address of the page currently displayed in your browser window. The result of this check is displayed using colour keys and information texts in the page’s address bar or in a separate toolbar. Currently, the Internet Explorer (IE), Mozilla Firefox (FF) and Google Chrome (CR) web browsers are supported.

News

Current Downloads

The current version 2.0 is available for download on the project's new website.

Version 2.0-beta1. The extension is in beta, so expect bugs.

Description

The result of this check is displayed using colour keys and information texts in the page’s address bar (FF and CR) or in a separate toolbar (IE). Click the key to get detailed security information.

Screenshot of DNSSEC Validator 2.0 for FF and Chrome. Screenshot of the toolbar with DNSSEC Validator.

DNSSEC states

The colour of the key in the bar signals whether the domain name is secured by DNSSEC, whether the DNSSEC signatures are valid and whether the domain name can be trusted. The following situations can occur, each shown by a different key:

Grey key with question mark: An error occurred while getting the DNSSEC status of this domain name. This may be caused by loss of connection to the DNS server, or the user-chosen validating resolver IP address is not the address of a validating resolver. This state may also occur if an unexpected error was detected during the validation process.

Grey key: For an existing domain name, this means that the domain name is not secured by DNSSEC, so it is not possible to verify the validity of the obtained data and you are not protected against domain name spoofing. For a nonexistent domain name, this means that the parent domain is not secured by DNSSEC, so it was not possible to verify the nonexistence of this domain name.

Green key: For an existing domain name, this means that the domain name is correctly secured by DNSSEC. Information about the IP address of this domain name was validated using DNSSEC. Because this domain name is secured by DNSSEC, you are protected against domain name spoofing. For a nonexistent domain name, this means that the parent domain is secured by DNSSEC, so it was possible to successfully verify the nonexistence of this domain name.

Red key: For an existing domain name, this means that the domain name is secured by DNSSEC but an invalid domain name signature has been detected, or the IP address which the browser is using differs from the address obtained by the DNSSEC add-on. This may have a legitimate reason but can also point to a DNS spoofing attempt! (A difference in IP addresses can also be caused by a proxy (cache) server that your browser uses to obtain the requested page.) For a nonexistent domain name, this means that the parent domain is secured by DNSSEC but the received nonexistence response for the domain name does not contain a valid signature. This may signal a domain name spoofing attempt intended to deny access to the domain.

Dark grey key: Inactive window or tab (IE version only).

Configuration

The extension settings let you choose the DNS resolver used for DNSSEC validation. You can specify the address of an arbitrary validating resolver. Note that by default the resolver specified in the system settings is used, so if it is not a validating resolver, you need to choose one that is. Every choice of settings can be tested for DNSSEC support.
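One common way to test a resolver for DNSSEC support, shown here as an added example that is not the add-on's own code: query with the EDNS0 DO bit for a correctly signed name and for a name whose signatures are deliberately broken, then look for the AD flag on the first reply and SERVFAIL on the second. The function names and the header-only sample replies are constructed for illustration.

```python
import struct

RD, AD = 0x0100, 0x0020   # header flag bits: recursion desired, authentic data
SERVFAIL = 2              # RCODE a validating resolver returns for bogus data

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def build_query(name, qid=0x1234, qtype=1):
    """Build an A query with RD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL field holds DO (0x8000)
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt

def parse_header(msg):
    """Extract the fields of the 12-byte DNS header needed for the check."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "rcode": flags & 0x000F,
            "ad": bool(flags & AD), "ancount": ancount}

def resolver_validates(signed_reply, broken_reply):
    """True only if the signed name came back authenticated AND the broken one was refused."""
    good, bad = parse_header(signed_reply), parse_header(broken_reply)
    authenticated = good["rcode"] == 0 and good["ad"]
    rejects_bogus = bad["rcode"] == SERVFAIL
    return authenticated and rejects_bogus

def sample_reply(flags, ancount):
    """Constructed header-only reply used as sample input (no real capture)."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

# Constructed samples: (reply for signed name, reply for broken name)
VALIDATING = (sample_reply(0x81A0, 1), sample_reply(0x8182, 0))       # AD set, then SERVFAIL
FORWARDING_ONLY = (sample_reply(0x8180, 1), sample_reply(0x8180, 1))  # no AD, answers bogus data

if __name__ == "__main__":
    print("validating resolver:", resolver_validates(*VALIDATING))
    print("plain forwarder:    ", resolver_validates(*FORWARDING_ONLY))
```

Checking both conditions matters: a resolver that sets AD but still answers for the broken name, or one that merely fails on it without ever setting AD, should not be treated as validating.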

Screenshot of DNSSEC Validator 2.0 for FF

User Support

Questions about the extensions can be sent to the dnssec-validator-users@lists.nic.cz mailing list. You can also report bugs and feature requests there. Please specify whether you are writing about 2.0IE, 2.0FF or 2.0CR.

Source code and Git Repository

BUILDING

To compile on Linux, just call cmake and make without any extra parameters:

To compile on Mac OS X, it is recommended to set the target architecture explicitly, e.g.:

To compile on Windows:

Screenshots

Screenshot of DNSSEC Validator 2.0 for FF

Screenshot of DNSSEC Validator 2.0 for IE

Screenshot of DNSSEC Validator 2.0 for CR