DNSSEC Flashcards
What does DNSSEC stand for?
Domain Name System Security Extensions
What is DNSSEC?
It is an industry-standard protocol that functions as an extension to the Domain Name System (DNS) protocol.
DNSSEC strengthens authentication in DNS using digital signatures based on public key cryptography. With DNSSEC, it’s not DNS queries and responses themselves that are cryptographically signed, but rather DNS data itself is signed by the owner of the data.
What are the two DNSSEC keys that the F5 uses to return DNSSEC-compliant responses?
- Zone key signing
- Key signing
What is a delegation of signing (DS)?
DNSSEC introduces a delegation signer (DS) record to allow the transfer of trust from a parent zone to a child zone. A zone operator hashes the DNSKEY record containing the public KSK and gives it to the parent zone to publish as a DS record.
What is the chain of trust?
It is the idea that zones, top level (.com), and the root all have a trusted relationship.
.root trusts -> .com trusts -> zone google.com