DNSSEC Guide, Meaning , Facts, Information and Description

DNSSEC (short for DNS Security Extensions) adds security to the Domain Name System (DNS) used on Internet Protocol networks. It is a set of extensions to DNS, which provide:

• origin authentication of DNS data
• data integrity, and
• authenticated denial of existence.

DNSSEC was designed to protect the Internet from certain attacks. All answers in DNSSEC are digitally signed. By checking the signature, a DNS resolver is able to check if the information is identical (correct and complete) to the info on the authoritative DNS server.

There are several distinct classes of threats to the DNS, most of which are DNS-related instances of more general problems, but a few of which are specific to peculiarities of the DNS protocol. RFC 3833 attempts to document some of the known threats to the DNS, and, in doing so, attempts to measure to what extent DNSSEC is a useful tool in defending against these threats.

DNSSEC does not provide confidentiality of data. Also, DNSSEC does not protect against DoS attacks.

The (updated) DNSSEC specifications are now finalized. In October 2004, the IESG has approved the new DNSSEC-bis document set as Proposed Standard. This means that three new DNSSEC RFCs will replace the current DNSSEC RFC (RFC 2535) and make this one obsolete.

External links

• Dnssec.net - Independent portal with DNSSEC information
• DNSEXT (DNS Extensions) Working Group at IETF.org
• DNSSEC Howto by Olaf Kolkman (RIPE NCC)
• A short timeline of DNSSEC by Miek Gieben
• A Threat Analysis of the Domain Name System - RFC 3833, D. Atkins, R. Austein, August 2004

This is an Article on DNSSEC. Page Contains Information, Facts Details or Explanation Guide About DNSSEC

	Web www.E-paranoids.com