Secure DNS with DNSSEC
Because DNS does not offer any form of security natively, it is vulnerable to spoofing, man-in-the-middle, and cache poisoning attacks. For this reason, it has become critical to develop a means for securing DNS. DNSSEC was developed to do just that.
There are a series of IETF RFCs that specify the DNSSEC extensions to DNS:
• RFC 4033—DNS Security Introduction and Requirements
• RFC 4034—Resource Records for the DNS Security Extensions
• RFC 4035—Protocol Modifications for the DNS Security Extensions
• RFC 5155—DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
• RFC 5702—Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
• RFC 5011—Automated Updates of DNS Security (DNSSEC) Trust ...
Get Windows Server® 2012 Unleashed now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.