Spread the word.

Share the link on social media.

Share
  • Facebook
Have an account? Sign In Now

Sign Up

Have an account? Sign In

Have an account? Sign In Now

Sign In

Sign Up Here

Forgot Password?

Don't have account, Sign Up Here

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Have an account? Sign In Now

You must login to ask question.

Forgot Password?

Don't have account, Sign Up Here
Please subscribe to paid membership

Sorry, you do not have a permission to add a post. Please subscribe to paid membership

Forgot Password?

Don't have account, Sign Up Here
Please subscribe to paid membership

Please briefly explain why you feel this question should be reported.

Please briefly explain why you feel this answer should be reported.

Please briefly explain why you feel this user should be reported.

GEKOOK.COM
Sign InSign Up

GEKOOK.COM

Search
Ask A Question

Mobile menu

Close
Ask a Question
  • Home
  • Add group
  • Groups page
  • Communities
  • Polls
  • Tags
  • Badges
  • Users
  • Help
  • Chat with an expert
Home/ Questions/Q 466
Asked: May 25, 20222022-05-25T14:24:28+00:00 2022-05-25T14:24:28+00:00In: dns

HOW DNSSEC WORKS TO PROVIDE THE PROTOCOL FOR A SECURE INTERNET ?

Anonymous
Anonymous

The Internet Engineering Task Force (IETF) has been working for many years to provide standards for the domain name system security extension (DNSSEC). DNSSEC protects internet users and applications from forged domain name system (DNS) data by using public key cryptography to digitally sign authoritative zone data when it enters the DNS and then validate it at its destination. Learn more about public key cryptography.

A digital signature helps assure users that the data originated from the stated source and that it was not modified in transit. DNSSEC can also establish that a domain name does not exist. These capabilities are essential to maintaining trust in the internet.

In DNSSEC, each zone has at least one public/private key pair. The zone’s public key is published using DNS, while the zone’s private key is kept safe and ideally stored offline. A zone’s private key signs individual DNS data records in that zone, creating digital signatures that are also published with DNS.

DNSSEC uses a rigid trust model and this chain of trust flows from parent zone to child zone. The chain of trust is established when higher-level (parent) zones sign the public keys of lower-level (child) zones. The authoritative name servers for these various zones may be managed by registrars, internet service providers (ISPs), web hosting companies or registrants themselves.

When an end user wants to access a website (or any internet resource), a stub resolver on the user’s computer requests the website’s IP address from a recursive name server. When a recursive name server requests the address record it also requests the DNSSEC key associated with the zone. This key allows the recursive name server to verify that the IP address record it receives is identical to the record on the authoritative name server.

If the recursive name server determines that the address record has been sent by the authoritative name server and has not been altered in transit, it resolves the domain name (provides the requested IP address) and the user can access the site. This integrity-checking process is called “validation.” If the address record has been modified the recursive name server does not allow the user to reach the fraudulent address. DNSSEC can also prove that a domain name does not exist. As a result of this process, DNS queries and responses are protected from “man-in-the-middle” (MITM) attacks and the kind of forgeries that could possibly redirect internet users to phishing and pharming sites.

dnsdnssecsecurity
  • 0
  • 00
  • 6
  • 0
  • 0
  • Share
    • Share on Facebook
    • Share on Twitter
    • Share on LinkedIn
    • Share on WhatsApp

    You must login to add an answer.

    Forgot Password?

    Need An Account, Sign Up Here

    Sidebar

    Ask A Question

    Stats

    • Questions 84
    • Answers 75
    • Popular
    • Answers

    Trending Tags

    Analytics (2) Company (3) CRM (2) Docking (1) Drupal (1) Hardware (1) HTML (2) Language (4) Laptop (1) Linux (1) Management (2) Networking (1) Programmers (6) Programs (5) Project management (2) Security (5) Teams (1) University (1) Windows (2) Windows 10 (2)

    Last registered users

    Sinus Treatment in Coimbatore

    Sinus Treatment in Coimbatore

      Begginer
      HappyBear

      HappyBear

        Begginer
        purerawhoney

        purerawhoney

          Begginer
          Craftsman Storage Systems

          Craftsman Storage Systems

            Begginer
            Blushing Bride

            Blushing Bride

              Begginer

              Explore

              • Home
              • Add group
              • Groups page
              • Communities
              • Polls
              • Tags
              • Badges
              • Users
              • Help
              • Chat with an expert

              Footer

              GEKOOK.COM

              Gekook is a questions & Answers plateform which will help you establis your community and connect with other people.

              About Us

              • Meet The Team
              • Community
              • About Us
              • Contact Us

              Legal Stuff

              • Terms of Use
              • Privacy Policy
              • Cookie Policy

              Help

              • Knowledge Base
              • Support

              Follow

              © 2022. All Rights Reserved
              Gekook Brainstorm | Gekook Canada Inc