29.03.2016 Views

Hands-on DNSSEC with DNSViz


DNS Security Extensions (DNSSEC)

• DNS data signed with private keys
• Signatures (RRSIGs) and public keys (DNSKEYs) published in zone data
• Resolver response
  • If authentic: Authenticated data (AD) bit is set
  • If bogus: SERVFAIL message is returned

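[Figure: DNSSEC lookup for example.com between a stub resolver, a recursive/validating resolver, and the authoritative server]

• Stub resolver → recursive/validating resolver: Query: example.com/A ?
• Recursive/validating resolver → authoritative server (example.com): Query: example.com/A ?
• Authoritative server → resolver: Answer: 192.0.2.16 + RRSIG
• Recursive/validating resolver → authoritative server: Query: example.com/DNSKEY ?
• Authoritative server → resolver: Answer: DNSKEY… + RRSIG
• Recursive/validating resolver: validate
• Recursive/validating resolver → stub resolver: Answer: 192.0.2.16 + AD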
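The stub resolver's side of this exchange, as an added example that is not part of the original slides: it decodes the DNS header of a resolver reply and reads the AD bit and RCODE. It goes one step beyond the slide by using a retry with the checking-disabled (CD) bit to separate a validation failure from other causes of SERVFAIL; the function names and the sample headers are constructed for illustration.

```python
import struct

# DNS header flag masks (RFC 1035; AD and CD defined for DNSSEC in RFC 4035)
QR, RD, RA, AD, CD = 0x8000, 0x0100, 0x0080, 0x0020, 0x0010
NOERROR, SERVFAIL_RCODE = 0, 2

def parse_header(msg):
    """Decode the fixed 12-byte header of a wire-format DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message: header is 12 bytes")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": msg_id, "is_response": bool(flags & QR),
            "ad": bool(flags & AD), "cd": bool(flags & CD),
            "rcode": flags & 0x000F, "answers": an}

def classify(resp, cd_resp=None):
    """Interpret a validating resolver's reply as a stub resolver would.

    cd_resp (optional) is the reply to the same query re-sent with CD=1,
    which asks the resolver to skip validation.
    """
    h = parse_header(resp)
    if not h["is_response"]:
        raise ValueError("not a response (QR bit clear)")
    if h["rcode"] == NOERROR:
        # AD set: the resolver validated the answer. AD clear: zone is
        # unsigned or the resolver does not validate.
        return "authenticated" if h["ad"] else "not-authenticated"
    if h["rcode"] == SERVFAIL_RCODE:
        if cd_resp is not None:
            c = parse_header(cd_resp)
            if c["is_response"] and c["rcode"] == NOERROR and c["answers"] > 0:
                return "bogus"  # data exists but failed validation
        return "servfail-unknown-cause"  # SERVFAIL has non-DNSSEC causes too
    return "rcode-%d" % h["rcode"]

def make_header(flags, ancount=0):
    """Build a constructed 12-byte header (ID 0x1234, one question)."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)

# Constructed sample replies (headers only), not captured traffic.
SIGNED_OK = make_header(QR | RD | RA | AD, ancount=1)
UNSIGNED_OK = make_header(QR | RD | RA, ancount=1)
SERVFAIL = make_header(QR | RD | RA | SERVFAIL_RCODE)
CD_RETRY_OK = make_header(QR | RD | RA | CD, ancount=1)

if __name__ == "__main__":
    for name, args in [("signed", (SIGNED_OK,)), ("unsigned", (UNSIGNED_OK,)),
                       ("servfail", (SERVFAIL,)),
                       ("servfail + CD retry", (SERVFAIL, CD_RETRY_OK))]:
        print(name, "->", classify(*args))
```

The AD bit is an assertion by the resolver, so a stub should rely on it only when the path to that resolver is trusted.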

Verisign Public
