netravnen/NetworkLabNotes
1
0
Fork 0
mirror of https://gitlab.com/netravnen/NetworkLabNotes.git synced 2024-12-26 21:07:55 +00:00
Code Releases Activity

DNS: describe ksk and zsk

Browse source
This commit is contained in:
netravnen 2017-09-10 00:11:07 +02:00
parent 025ab2184b
commit 828384231f
2 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
acronyms.tex
View file

@ -86,6 +86,7 @@
\newacronym{isp}{ISP}{Internet Service Provider}
\newacronym{ixp}{IXP}{Internet Exchange Point}
\newacronym{junos}{JUNOS}{Juniper Network Operating System}
\newacronym{ksk}{KSK}{Key Signing key}
\newacronym{l2}{L2}{Layer 2}
\newacronym{l2vpn}{L2VPN}{Layer 2 Virtual Private Network}
\newacronym{l3}{L3}{Layer 3}
@ -181,4 +182,5 @@
\newacronym{wlan}{WLAN}{Wireless Local Area Network}
\newacronym{wred}{WRED}{Weighted Random Early Detection}
\newacronym{zbc}{ZBC}{Zealand Business School}
\newacronym{zsk}{ZSK}{Zone Signing Key}
\newacronym{aaa}{AAA}{Authentication, Authorization, Accounting}

9
chapter/dns.tex
View file

@ -6,4 +6,11 @@
\section[KSK]{Key Signing Key}
\subsection[Rollover]{Key Signing Key Rollover}
The \gls{ksk} is a used to sign other keys. Thus creating a chain-of-trust.
A prime example of this the current \gns{dnssec} infrastructure on the internet. Where \gls{icann} is controlling and managing the Root zone \gls{ksk} used today. And for the first time in history will do a \gls{ksk} rollover in the fall of 2017.\footnote{The 1st key was issued in 2010.}
The \gls{ksk} is used to sign the DNS root-zone. All the TLD zones then have their own key called a \gls{zsk} used to sign all the domains requesting a key to sign their domain. The \gls{zsk} is signed by the root-zone \gls{ksk}.
\subsection[Rollover]{Key Signing Key Rollover}