DNSSEC Flashcards

1
Q

What does DNSSEC stand for?

A

Domain Name System Security Extensions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is DNSSEC?

A

It is an industry-standard protocol that functions as an extension to the Domain Name System (DNS) protocol.
DNSSEC strengthens authentication inDNS using digital signatures based onpublic key cryptography. WithDNSSEC, it’s notDNSqueries and responses themselves that are cryptographically signed, but ratherDNSdata itself is signed by the owner of the data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the two DNSSEC keys that the F5 uses to return DNSSEC-compliant responses?

A
  • Zone key signing
  • Key signing
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is a delegation of signing (DS)?

A

DNSSEC introduces a delegation signer (DS) record to allow the transfer of trust from a parent zone to a child zone. A zone operator hashes the DNSKEY record containing the public KSK and gives it to the parent zone to publish as a DS record.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the chain of trust?

A

It is the idea that zones, top level (.com), and the root all have a trusted relationship.
.root trusts -> .com trusts -> zone google.com

How well did you know this?
1
Not at all
2
3
4
5
Perfectly