mirror of
https://gitlab.com/netravnen/NetworkLabNotes.git
synced 2024-12-23 20:57:53 +00:00
DNS content initial commit
This commit is contained in:
parent
2cfa967506
commit
1ef63a864e
|
@ -196,4 +196,5 @@
|
|||
\newacronym{soa}{SOA}{Start of Authority record}
|
||||
\newacronym{txt}{TXT}{Text record}
|
||||
\newacronym{cctld}{ccTLD}{Country code top-level domain}
|
||||
\newacronym{gtld}{gTLD}{Generic top-level domain}
|
||||
\newacronym{gtld}{gTLD}{Generic top-level domain}
|
||||
\newacronym{tld}{TLD}{Top-level domain}
|
|
@ -1,16 +1,56 @@
|
|||
\chapter{DNS}
|
||||
|
||||
\section{Standard DNS}
|
||||
\begin{quote}
|
||||
Domain Name Servers (DNS) are the Internet's equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses.
|
||||
|
||||
This is necessary because, although domain names are easy for people to remember, computers or machines, access websites based on IP addresses.
|
||||
\end{quote}\footnote{\href{http://www.networksolutions.com/support/what-is-a-domain-name-server-dns-and-how-does-it-work/}{networksolutions.com/support/what-is-a-domain-name-server-dns-and-how-does-it-work/}}
|
||||
|
||||
\section[DNSSEC]{Encrypted DNS (a.k.a. DNSSEC)}
|
||||
\pagebreak
|
||||
|
||||
\section[KSK]{Key Signing Key}
|
||||
\section{Hierarchy}
|
||||
|
||||
\wikicommonspublicdomain{Domain_name_space}
|
||||
|
||||
\pagebreak
|
||||
|
||||
Is hierarchical by design going from:
|
||||
|
||||
\begin{enumerate}
|
||||
\item the root zone at the top of the pyramid,
|
||||
\item to the \gls{tld} zones\footnote{Fx. \gls{cctld}/\gls{gtld} zones: .org, .net, .uk, .au, .mil, .aero},
|
||||
\item to the sub-zones\footnote{Fx. .co.uk, .org.uk, .net.au, .co.cc} a level below.
|
||||
\end{enumerate}
|
||||
|
||||
\wikicommonspublicdomain{Example_of_an_iterative_DNS_resolver}
|
||||
|
||||
\pagebreak
|
||||
|
||||
\section{Record Types}
|
||||
|
||||
\begin{itemize}
|
||||
\item \itemhead{A} Stores info on \gls{ip4} address.
|
||||
\item \itemhead{AAAA} Store info on \gls{ip6} address.
|
||||
\item \itemhead{CNAME} Store URL pointing to another URL (a.k.a. \gls{a}/\gls{aaaa} records).
|
||||
\item \itemhead{HINFO}
|
||||
\item \itemhead{ISDN}
|
||||
\item \itemhead{MX}
|
||||
\item \itemhead{NS}
|
||||
\item \itemhead{PTR}
|
||||
\item \itemhead{SOA}
|
||||
\item \itemhead{TXT}
|
||||
\item \itemhead{DNSKEY}
|
||||
\end{itemize}
|
||||
|
||||
\section{DNSSEC}
|
||||
|
||||
\subsection[KSK]{Key Signing Key}
|
||||
|
||||
The \gls{ksk} is a used to sign other keys. Thus creating a chain-of-trust.
|
||||
|
||||
A prime example of this the current \gns{dnssec} infrastructure on the internet. Where \gls{icann} is controlling and managing the Root zone \gls{ksk} used today. And for the first time in history will do a \gls{ksk} rollover in the fall of 2017.\footnote{The 1st key was issued in 2010.}
|
||||
A prime example of this the current \gls{dnssec} infrastructure on the internet. Where \gls{icann} is controlling and managing the Root zone \gls{ksk} used today. And for the first time in history will do a \gls{ksk} rollover in the fall of 2017.\footnote{The 1st key was issued in 2010.}
|
||||
|
||||
The \gls{ksk} is used to sign the DNS root-zone. All the TLD zones then have their own key called a \gls{zsk} used to sign all the domains requesting a key to sign their domain. The \gls{zsk} is signed by the root-zone \gls{ksk}.
|
||||
|
||||
\subsection[Rollover]{Key Signing Key Rollover}
|
||||
\subsection[Rollover]{KSK-Rollover}
|
||||
|
||||
|
|
BIN
img/wikimediacommonspublicdomain/Domain_name_space.png
Normal file
BIN
img/wikimediacommonspublicdomain/Domain_name_space.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 117 KiB |
Binary file not shown.
After Width: | Height: | Size: 71 KiB |
Loading…
Reference in a new issue