Linux Today: Linux News On Internet Time.


What the Heck is DNSSEC?

Feb 02, 2011, 00:04
(Other stories by Diana Kelley)



"How DNSSEC Can Help

"The core issues underlying DNS insecurity are lack of trust (including mutual authentication), integrity, and availability. Trust relates to whether or not the information received is coming from a trusted/reliable source. Integrity speaks to maintaining the validity of the data where it is stored and when it is updated, as well as tamper-proofing during transmission of a query response. Availability includes whether or not the service is able to respond – if a DNS server can't answer the query, the machine's numerical address can't be mapped and a DoS occurs.

"One proposed solution to some of the security issues with DNS is a series of IETF specifications known as the DNS Security Extensions (DNSSEC, currently IETF RFC 2535). This was first introduced in November 1993 "at the 28th IETF meeting in Houston." The core strategy was to use digital signatures to provide data integrity and data origin authentication for DNS queries, but it did not include mutual authentication for changes to DNS records or controls to mitigate availability issues. IETF RFC 3833, "Threat Analysis of the Domain Name System (DNS)," provides a comprehensive overview of the specific vulnerabilities and exposures in DNS that DNSSEC attempts to mitigate."
