On 14 and 21 March 2024, the Restena Foundation will replace the servers on which the two recursive resolvers benefiting institutions connected to the national research and education network (RESTENA network) are configured. With its DNS servers that focus on data security and protection, Restena provides institutions using the ‘Public DNS resolver’ with data security, confidentiality, and protection for DNS requests by means of a neutral DNS resolution that validate the responses obtained by using DNSSEC technology.

Encrypted access to DNS resolvers

New servers integrated into the RESTENA network infrastructure, research and education institutions can benefit from a new feature: accessing the community DNS resolver by using DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH), two technologies that encipher DNS communications between client and server.

The DoT and DoH services will be immediately available to any institution wishing to use these technologies but will require server authentication. To achieve this, it will be essential to implement the X.509 certificate signature (SPKI pin) for resolvers.

A step closer to a new infrastructure

Replacing the servers ns.restena.lu and arakis.restena.lu by the servers dns1.restena.lu et dns2.restena.lu - which will still use their current IPv4 and IPv6 addresses - is a further step within the project to renew servers initiated by Restena. In February 2024, Restena already replaced the server on which its recursive resolver open to the general public was configured.

In the future, renewing servers will allow the integration of our community recursive resolvers inside a bright new dedicated infrastructure, developed within the LuCySe4RE - Enhancing Cybersecurity Services for the Luxembourgish Research and Education community project, a project whose aim is to improve protection against the cybersecurity risks faced by the Luxembourg research and education community.