mirror of
https://gitlab.com/netravnen/NetworkLabNotes.git
synced 2024-12-23 20:57:53 +00:00
DNSSEC record types
This commit is contained in:
parent
7c22c00f90
commit
c5979df002
|
@ -51,6 +51,20 @@ Is hierarchical by design going from:
|
||||||
|
|
||||||
\section{DNSSEC}
|
\section{DNSSEC}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
\subsection{New Record Types}
|
||||||
|
|
||||||
|
A couple of new record types were introduced with \gls{dnssec}.\cite{HowDNSSE22:online}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item \itemhead{RRSIG} Contains a cryptographic signature.
|
||||||
|
\item \itemhead{DNSKEY} Contains a public signing key.
|
||||||
|
\item \itemhead{DS} Contains the hash of a DNSKEY record.
|
||||||
|
\item \itemhead{NSEC+NSEC3} For explicit denial-of-existence of a DNS record.
|
||||||
|
\item \itemhead{CDNSKEY+CDS} For a child zone requesting updates to DS record(s) in the parent zone.
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
\subsection[KSK]{Key Signing Key}
|
\subsection[KSK]{Key Signing Key}
|
||||||
|
|
||||||
The \gls{ksk} is a used to sign other keys. Thus creating a chain-of-trust.
|
The \gls{ksk} is a used to sign other keys. Thus creating a chain-of-trust.
|
||||||
|
|
|
@ -49,3 +49,12 @@
|
||||||
year = {},
|
year = {},
|
||||||
note = {(Accessed on 09/10/2017)}
|
note = {(Accessed on 09/10/2017)}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@misc{HowDNSSE22:online,
|
||||||
|
author = {},
|
||||||
|
title = {How DNSSEC Works | Cloudflare},
|
||||||
|
howpublished = {\url{https://www.cloudflare.com/dns/dnssec/how-dnssec-works/}},
|
||||||
|
month = {},
|
||||||
|
year = {},
|
||||||
|
note = {(Accessed on 09/10/2017)}
|
||||||
|
}
|
Loading…
Reference in a new issue