mirror of
https://gitlab.com/netravnen/NetworkLabNotes.git
synced 2024-12-26 21:07:55 +00:00
17 lines
767 B
TeX
17 lines
767 B
TeX
\chapter{DNS}
|
|
|
|
\section{Standard DNS}
|
|
|
|
\section[DNSSEC]{Encrypted DNS (a.k.a. DNSSEC)}
|
|
|
|
\section[KSK]{Key Signing Key}
|
|
|
|
The \gls{ksk} is a used to sign other keys. Thus creating a chain-of-trust.
|
|
|
|
A prime example of this the current \gns{dnssec} infrastructure on the internet. Where \gls{icann} is controlling and managing the Root zone \gls{ksk} used today. And for the first time in history will do a \gls{ksk} rollover in the fall of 2017.\footnote{The 1st key was issued in 2010.}
|
|
|
|
The \gls{ksk} is used to sign the DNS root-zone. All the TLD zones then have their own key called a \gls{zsk} used to sign all the domains requesting a key to sign their domain. The \gls{zsk} is signed by the root-zone \gls{ksk}.
|
|
|
|
\subsection[Rollover]{Key Signing Key Rollover}
|
|
|