ECM 1413 Domain Name System Flashcards
1
Q
Domain Names
A
Devices are labelled with numeric IP addresses
Domain names are names for the numeric IP addresses
2
Q
What does the DNS do?
A
DNS translates human-readable domain names into machine-readable IP addresses
3
Q
DNS requirements:
A
- Scalability
- Efficiency
- Reliability
- Maintainability
4
Q
Hierarchical design of domains
A
root
top level domains
second level domains
third level domains
5
Q
Root DNS Servers
A
- Top level, represented by (.)
- Thirteen logical root DNS servers
- Redundancy: each logical root server refers to multiple physical ones
- First point of contact if a DNS resolver can’t resolve a name
6
Q
Top-level Domain Servers
A
- Organisational (com, org, edu, gov, net)
- Geographical (uk, us, fr, eg, sp, de)
- Managed by ICANN (Internet Corporation for Assigned Names and Numbers)
7
Q
Authoritative Servers
A
- Hold the complete data for a domain’s DNS records
- Source of DNS responses
- To ensure maintainability, authoritative servers must be updated automatically
8
Q
DNSSEC
A
- Attackers exploit vulnerabilities in the DNS: it doesn’t check for credentials before accepting an answer.
- DNSSEC adds a layer of trust on top of DNS
- The Domain Name System Security Extensions (DNSSEC) uses
○ Asymmetric Encryption
○ Hash Functions
9
Q
Asymmetric Encryption
A
- Uses a pair of keys (private and public)
- Using the encryption key as the public key (private communication)
- Using the decryption key as the public key (signature verification of documents)
10
Q
Hash function
A
A hash function takes data of arbitrary size, M, and returns a fixed-size number, H(M)
11
Q
Creating a digital signature
A
- DNS data is put through a hash function to give a hash value (digital fingerprint)
- Encrypt the hash value with the private key to give the digital signature
- Attach the digital signature to the DNS data to give signed DNS data
12
Q
Verifying a DNS response
A
- Put the DNS data of the signed DNS data through the hash function to get its hash value
- Decrypt the digital signature with the public key to get the hash value
- Compare the two
- The DNS response is valid if they match