diff --git a/chapter/dns.tex b/chapter/dns.tex index c1e92ce..9c6c009 100644 --- a/chapter/dns.tex +++ b/chapter/dns.tex @@ -51,6 +51,20 @@ Is hierarchical by design going from: \section{DNSSEC} + + +\subsection{New Record Types} + +A couple of new record types were introduced with \gls{dnssec}.\cite{HowDNSSE22:online} + +\begin{itemize} + \item \itemhead{RRSIG} Contains a cryptographic signature. + \item \itemhead{DNSKEY} Contains a public signing key. + \item \itemhead{DS} Contains the hash of a DNSKEY record. + \item \itemhead{NSEC+NSEC3} For explicit denial-of-existence of a DNS record. + \item \itemhead{CDNSKEY+CDS} For a child zone requesting updates to DS record(s) in the parent zone. +\end{itemize} + \subsection[KSK]{Key Signing Key} The \gls{ksk} is a used to sign other keys. Thus creating a chain-of-trust. diff --git a/references-websites.bib b/references-websites.bib index 7304ec3..1a4d7ae 100644 --- a/references-websites.bib +++ b/references-websites.bib @@ -48,4 +48,13 @@ month = {}, year = {}, note = {(Accessed on 09/10/2017)} +} + +@misc{HowDNSSE22:online, + author = {}, + title = {How DNSSEC Works | Cloudflare}, + howpublished = {\url{https://www.cloudflare.com/dns/dnssec/how-dnssec-works/}}, + month = {}, + year = {}, + note = {(Accessed on 09/10/2017)} } \ No newline at end of file