DNSSEC Key Management
Abstract
The DNS security extensions, DNSSEC, were standardized in 2005. Since the 2008 update, they have become available for general use. The implementation of DNSSEC is a complex task, demanding software and hardware modifications throughout the entire DNS hierarchy. That is the reason why DNSSEC has only recently received more attention. The paper presents and compares current possibilities for DNSSEC implementation, which are available to DNS service providers. The authors believe that the currently accessible tools are powerful enough for widespread use.
Similar resources
A Longitudinal, End-to-End View of the DNSSEC Ecosystem
The Domain Name System’s Security Extensions (DNSSEC) allow clients and resolvers to verify that DNS responses have not been forged or modified in flight. DNSSEC uses a public key infrastructure (PKI) to achieve this integrity, without which users can be subject to a wide range of attacks. However, DNSSEC can operate only if each of the principals in its PKI properly performs its management task...
Rfc 6781 Dnssec
This document describes a set of practices for operating the DNS with security extensions (DNSSEC). The target audience is zone administrators deploying DNSSEC. The document discusses operational aspects of using keys and signatures in the DNS. It discusses issues of key generation, key storage, signature generation, key rollover, and related policies. This document obsoletes RFC 4641, as it co...
Towards Adoption of DNSSEC: Availability and Security Challenges
DNSSEC deployment is long overdue; however, it seems to be finally taking off. Recent cache poisoning attacks motivate protecting DNS, with strong cryptography, rather than with challenge-response ‘defenses’. Our goal is to motivate and help correct DNSSEC deployment. We discuss the state of DNSSEC deployment, obstacles to adoption and potential ways to increase adoption. We then present a comp...
NSEC5: Provably Preventing DNSSEC Zone Enumeration
We use cryptographic techniques to study zone enumeration in DNSSEC. DNSSEC is designed to prevent attackers from tampering with domain name system (DNS) messages. The cryptographic machinery used in DNSSEC, however, also creates a new vulnerability, zone enumeration, enabling an adversary to use a small number of online DNSSEC queries combined with offline dictionary attacks to learn which dom...
Measuring the Practical Impact of DNSSEC Deployment
DNSSEC extends DNS with a public-key infrastructure, providing compatible clients with cryptographic assurance for DNS records they obtain, even in the presence of an active network attacker. As with many Internet protocol deployments, administrators deciding whether to deploy DNSSEC for their DNS zones must perform cost/benefit analysis. For some fraction of clients — those that perform DNSSEC...