Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


What the Heck is DNSSEC?

Feb 02, 2011, 00:04 (0 Talkback[s])
(Other stories by Diana Kelley)

"How DNSSEC Can Help

"The core issues underlying DNS insecurity are lack of trust (including mutual authentication), integrity, and availability. Trust relates to whether or not the information received is coming from a trusted/reliable source or not. Integrity speaks to maintaining the validity of the data where it is stored and when it is updated, as well as tamper-proofing during transmission of a query response. Availability includes whether or not the service is able to respond – if a DNS server can't answer the query, the machine's numerical address can't be mapped and a DoS occurs.

"One proposed solution to some of the security issues with DNS is a series of IETF specifications known as the DNS Security Extensions (DNSSEC), currently IETF RFC 2535). This was first introduced in November 1993 "at the 28th IETF meeting in Houston." The core strategy was to use digital signatures to provide data integrity and data origin authentication for DNS queries, but it did not include mutual authentication for changes to DNS records or controls to mitigate availability issues. IETF RFC 3833, "Threat Analysis of the Domain Name System (DNS)" provides a comprehensive overview of the specific vulnerabilities and exposures in DNS that DNSSEC attempts to mitigate."

Complete Story

Related Stories: