DNSSEC: A Comprehensive Analysis of the Security Protocol for the Domain Name System

Source: Internet
Author: User

DNS is a hierarchical database whose records describe a host's name, IP address, and other information. These databases reside on DNS servers, which are interconnected over the Internet or an intranet. Simply put, DNS is a directory service that provides name-to-address mapping for network applications that need to locate a specified server. For example, a DNS name is needed each time a user sends an e-mail message or accesses a Web page.

The problem is that users cannot know whether a DNS answer comes from the correct source or contains correct data. With just a little study, even a teenage hacker can corrupt a DNS server with false data, and the Web client will not recognize that the data is false. This can cause a lot of trouble because DNS is often used as the default authentication system.

For example, when a user clicks a link to a newspaper's Web site in a browser, the page he expects to see is that newspaper's. However, the DNS protocol does not contain any mechanism to prove that the Web page is correct, that is, that the page really belongs to the newspaper he expects. There is also a more dangerous scenario in which some organization, for its own purposes, steers unsuspecting users to a Web server that criticizes the newspaper, deliberately tampers with the newspaper's content, or even reports events falsely in a defamatory manner.

To address this problem, the IETF is developing a security extension to the DNS protocol, the so-called Domain Name System security protocol (DNSSEC).
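The gap described above, shown at the message level in an added example that is not part of the original article: a plain DNS response carries nothing a client could verify, while a DNSSEC-aware response can carry RRSIG signature records and the AD (Authenticated Data) header flag. The function names, the sample bytes for example.com and the placeholder RRSIG data are constructed for illustration.

```python
import struct

RRSIG = 46        # RR type of a DNSSEC signature record (RFC 4034)
AD_FLAG = 0x0020  # "Authenticated Data" header bit (RFC 4035)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def dnssec_evidence(msg):
    """Report what in a raw DNS response could vouch for its data."""
    try:
        _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
        off, types = 12, []
        for _ in range(qd):
            off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
        for _ in range(an):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            types.append(rtype)
            off += 10 + rdlen
        if off > len(msg):
            raise IndexError("RDATA overruns message")
    except (IndexError, struct.error):
        raise ValueError("truncated or malformed DNS message") from None
    return {"answers": an, "ad_flag": bool(flags & AD_FLAG),
            "rrsig_records": types.count(RRSIG)}

# Constructed sample responses for example.com (not captured traffic).
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
A_RECORD = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
# Placeholder RDATA: a real RRSIG carries algorithm, validity window and signature.
RRSIG_RECORD = b"\xc0\x0c" + struct.pack("!HHIH", RRSIG, 1, 300, 8) + b"\x00" * 8

PLAIN = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + A_RECORD
SIGNED = (struct.pack("!6H", 0x1234, 0x81A0, 1, 2, 0, 0)
          + QUESTION + A_RECORD + RRSIG_RECORD)

if __name__ == "__main__":
    for label, msg in (("plain", PLAIN), ("signed", SIGNED)):
        print(label, dnssec_evidence(msg))
```

The AD flag is only the resolver's assertion, so it is meaningful only over a trusted path to a validating resolver; otherwise the client has to verify the RRSIG chain itself.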

The Origin of DNS

Before DNS, each new host had to be added to the central repository at the Stanford Research Institute's Network Information Center (SRI-NIC). Until the early 90s, the center was responsible for maintaining this information. SRI-NIC frequently published files of host information, and all hosts on the ARPANET (the predecessor of the Internet) copied these files. This mechanism worked when there were only a few hosts on the Internet, but it became unstable as the Internet grew.
