Chapter 11. DNSSEC

When a name server receives the response to a query for, say, the A record of a web site, for instance, www.example.com, it can only hope that the data is correct. It has no way of proving that this is the case, and in fact it could have been duped or spoofed in a variety of ways. For instance, the query response may have been supplied from a poisoned zone file, or the query may have been intercepted and bad data substituted in the response. Another possibility is the query may have been redirected to a bogus server for the domain in question, or the response could be perfectly valid, containing good data from the correct source. In a situation where revenues, reputation, or security (that is, commercial or national) are at ...

Get Pro DNS and BIND now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.