About the Book
Please note that the content of this book primarily consists of articles available from Wikipedia or other free sources online.

Pages: 36.

Chapters: Domain Name System Security Extensions, .net, .eu, .uk, .me, .co, .com, .gov, .us, .dk, .nu, .asia, .br, .org, .se, .my, .pt, .arpa, .info, .de, .nl, .jp, .cat, .bg, .fi, .ac, .museum, .be, .li, .ag, .lk, .th, .pr, .fr, .na, .am, .bz, .gr, .mn, .nc, .edu, .cl, .sc, .sh, .tf, .ch, .lu, .gi, .io, .la, .re, .tm, .wf, .cz, .kg, .pm, .yt, .lc, .hn.

Excerpt: The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality. The original design of the Domain Name System (DNS) did not include security; instead it was designed to be a scalable distributed system. The Domain Name System Security Extensions (DNSSEC) attempts to add security, while maintaining backwards compatibility. RFC 3833 attempts to document some of the known threats to the DNS and how DNSSEC responds to those threats. DNSSEC was designed to protect Internet resolvers (clients) from forged DNS data, such as that created by DNS cache poisoning. All answers in DNSSEC are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is identical (correct and complete) to the information on the authoritative DNS server. While protecting IP addresses is the immediate concern for many users, DNSSEC can protect other information such as general-purpose cryptographic certificates stored in CERT records in the DNS. RFC 4398 describes how to distribute these certificates, including those for email, making it possible to use DNSSEC as a worldwide ...