Maintained by: NLnet Labs

[Unbound-users] Unbound Android port

Petr Spacek
Wed Sep 2 12:07:01 CEST 2015


On 11.8.2015 14:02, Marek Sebera via Unbound-users wrote:
> Hello list,
> 
> I’d like to continue in discussion I’ve started here more than 1 year ago.
> 
> I was finally able to give it some time, and successfully cross-compiled Unbound DNS in version, and I’ve documented and automated the process a bit, you can see here:
> https://github.com/smarek/android-unbound-dns
> 
> So now the real question is, is there still demand for securing Android using Unbound DNS resolver, or did I made this for no one?
> 
> Final idea is to have Unbound Android application which will start the DNS service on unprivileged port (such as 5353) and will be used as optional DNS resolver for masses.
> Or, having the installer package, will replace default Android resolver, either through IPTables (re-routing all 53 traffic through unbound on 5353) or modifying actual ROM.

Hopefully we will get something like validation on each device + workarounds
like dnssec-trigger and
https://fedoraproject.org/wiki/Networking/NameResolution/DNSSEC/UnboundMixedMode
installed by default.

That would allow us to have reliable DNSSEC validator everywhere.

Let's see how this goes on Fedora (which is quire often used on mobile
devices, too) and then we can port it to Android.

-- 
Petr Spacek  @  Red Hat