DNS Security Extensions-DNSSEC

Advertisement
 Download your Full Reports for DNS Security Extensions-DNSSEC

The Domain Name System(DNS) is a distributed database that allows convenient storing and retrieving of resource records. DNShasbeen extended to providesecurity ser-vices(DNSSEC) mainlythrough public-key cryptography.
We propose a new approach to DNSSEC that may result in a significantly more eficient protocol. We introduce a newstrategy to buildchainsoftrust from rootservers to
authoritativeservers. Thetechniquesweemployarebased on symmetric-keycryptography.

Keywords
Domain Name System Security(DNSSEC), Authentication Protocols,DigitalSignatures,SymmetricEncryption

 

TheDomainNameSystem(DNS) [14, 15, 16] is a hierarchically distributed database that provides information fundamental toInternet operations, such as translating between human readable host namesand Internet Protocol (IP) addresses. Due to the importance of the information servedby DNS,there is astrongdemandfor securing communication within the DNS system.


When t he Domain Nam e System ( DNS ) is working proper l y, everything on t he Interne t
simply works . Names are resolved, web sites are viewed, and email flows. When the DNS breaks , almost everything on the internet grinds t o a halt. In general , t he DNS is largely a robust, resilient , and invisible service t o user s; however , to the operators that
run the network this critical infrastructure service can be viewed as either a service enabler or a major problem depending on the operating status of DNS .

Like most infrastructure services security was not initially built into the service, rather it was added on. Further more, when DNS security breaches occur the damaged parties may not even know that they have been compromised until after the fact . There fore, securing
DNS requires preventive measures such as those found in t he DNS Security Extensions ( DNS S E C).

DNSSEC adds some ?moving pieces? to the DNS that can break. This guide aims to explain t he various ways that DNS Security can break and how to determine what has broken when a signed zone is not working properly.

I t is expected t hat the reader already possesses working knowledge of DNS and can capably troubleshoot a broken DNS system at some level . References are listed at the end for more basic troubleshooting of t he DNS without DNSSEC. This guide also assumes
t hat the reader is familiar with DNS Security and how to deploy it.

 Download your Full Reports for DNS Security Extensions-DNSSEC

Advertisement

© 2013 123seminarsonly.com All Rights Reserved.