27,652
edits
Changes
Jump to navigation
Jump to search
Line 13:
Line 13: − + − +
Domain Name System Security Extensions (view source)
Revision as of 13:12, 20 July 2012
, 11 years agono edit summary
Apart from the new DNS server and client concepts, DNSSEC introduced to the DNS the following 4 new resource records: [[DNSKEY]], [[RRSIG]], [[NSEC]] and [[DS]].
Apart from the new DNS server and client concepts, DNSSEC introduced to the DNS the following 4 new resource records: [[DNSKEY]], [[RRSIG]], [[NSEC]] and [[DS]].
==How it Works==
===How it Works===
The DNS was initially developed without any security extensions, thus increasing the chances to get out of synch and allow the spoofing of [[IP Address|IP Addresses]] with the purpose of redirecting traffic to undesired websites. This is how DNSSEC appeared: as a need for adding protection and security to DNS so that the redirected traffic could be checked and directed towards the correct server.
The DNS was initially developed without any security extensions, thus increasing the chances to get out of synch and allow the spoofing of [[IP Address|IP Addresses]] with the purpose of redirecting traffic to undesired websites. This is how DNSSEC appeared: as a need for adding protection and security to DNS so that the redirected traffic could be checked and directed towards the correct server.
The DNS ensures the correlation between the web address with [[IP Address]] and route traffic, but the DNSSEC ensures accuracy of the lookup date by adding a digital signature. In this way, the computer is connected to legitimate servers. If the DNSSEC authentication does not work (such as when the encryption keys do not match), due to the backwards-compatible system, the transaction will follow the DNS protocols.<ref>[http://www.educause.edu/Resources/7ThingsYouShouldKnowAboutDNSSE/195431 7 things about DNSSEC]</ref>
The DNS ensures the correlation between the web address with [[IP Address]] and route traffic, but the DNSSEC ensures accuracy of the lookup date by adding a digital signature. In this way, the computer is connected to legitimate servers. If the DNSSEC authentication does not work (such as when the encryption keys do not match), due to the backwards-compatible system, the transaction will follow the DNS protocols.<ref>[http://www.educause.edu/Resources/7ThingsYouShouldKnowAboutDNSSE/195431 7 things about DNSSEC]</ref>
==Objectives==
===Objectives===
The core objectives of DNSSEC are:
The core objectives of DNSSEC are: