DNSSEC: a comprehensive analysis of the security protocol for the Domain Name System

DNS is a hierarchical, distributed database made up of records that describe hosts: their names, IP addresses and other information. These records live on DNS servers, and the servers are interconnected across the Internet or an intranet. Simply put, DNS is a directory service that maps names to addresses for any network application that needs to locate a particular server. Every e-mail message sent and every Web page fetched, for example, begins with a DNS lookup of a name.

The problem is that the party asking cannot tell whether a DNS answer came from the legitimate source or whether the data it carries is correct. With only a little study, even an inexperienced attacker can feed false data into a DNS server or a resolver's cache, and the Web client that receives the bad answer has no way to recognise it as wrong. This causes a great deal of trouble, because DNS is routinely relied on as an implicit authentication system: whatever address it returns is trusted.

For example, when a user clicks a link to a newspaper's Web site, the page he expects to see is that newspaper's. The DNS protocol, however, contains no mechanism to prove that the address it returned really belongs to the newspaper he expects. A more dangerous scenario is an organisation that, for its own purposes, steers unsuspecting users to a Web server that criticises the newspaper, deliberately tampers with its content, or even reports events falsely in a defamatory way.
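To make this gap concrete, here is an added example that is not part of the original article: a small Python script that builds a DNS query and two responses in wire format, one from the "real" server and one from a spoofer, and then applies the only matching a pre-DNSSEC resolver can do (transaction ID, QR bit, question section). The names example.com, the addresses 192.0.2.1 and 203.0.113.7, and the helper functions are all constructed for the illustration. A real resolver also checks the UDP source port the reply arrives on, but that, like the 16-bit ID, is guessable and proves nothing about who sent the answer.

```python
import struct

# Constructed sample values for this example; 192.0.2.0/24 and 203.0.113.0/24 are
# documentation address ranges, not real servers.
QNAME = "example.com"
TXID = 0x1234
LEGIT_IP = "192.0.2.1"      # what the real name server would answer (constructed)
FORGED_IP = "203.0.113.7"   # what a spoofer substitutes (constructed)


def encode_name(name: str) -> bytes:
    """Encode a domain name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Decode a wire-format name at offset, following compression pointers.
    Returns (name, offset just past the name as it appears at the call site)."""
    labels = []
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # compression pointer
            ptr = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            suffix, _ = decode_name(msg, ptr)
            labels.append(suffix)
            return ".".join(labels), offset + 2
        if length == 0:
            return ".".join(labels), offset + 1
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def build_query(qname: str, txid: int) -> bytes:
    """A minimal A/IN query: header with RD set and one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def build_response(txid: int, qname: str, ip: str) -> bytes:
    """A minimal response: echoes the question and adds one A record (TTL 300 s).
    Anyone who knows or guesses txid and qname can build this; nothing is signed."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA set
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    # owner name is a compression pointer (0xC00C) back to the question at offset 12
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, len(rdata)) + rdata
    return header + question + answer


def parse_message(msg: bytes) -> dict:
    """Parse the header, the single question and any A answers."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    qname, offset = decode_name(msg, offset)
    qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
    offset += 4
    answers = []
    for _ in range(an):
        _name, offset = decode_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return {"id": txid, "flags": flags, "qname": qname, "qtype": qtype,
            "answers": answers}


def classic_resolver_accepts(query: bytes, response: bytes) -> bool:
    """All a pre-DNSSEC resolver can match on: transaction ID, QR bit and
    question section. None of these prove who sent the response."""
    q, r = parse_message(query), parse_message(response)
    return (r["id"] == q["id"] and bool(r["flags"] & 0x8000)
            and r["qname"] == q["qname"] and r["qtype"] == q["qtype"])


def demo() -> dict:
    query = build_query(QNAME, TXID)
    legit = build_response(TXID, QNAME, LEGIT_IP)
    forged = build_response(TXID, QNAME, FORGED_IP)
    wrong_id = build_response(TXID + 1, QNAME, FORGED_IP)
    return {
        "legit_accepted": classic_resolver_accepts(query, legit),
        "forged_accepted": classic_resolver_accepts(query, forged),
        "forged_answer": parse_message(forged)["answers"],
        "wrong_id_accepted": classic_resolver_accepts(query, wrong_id),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both the legitimate and the forged response pass every check the resolver has, and the forged one delivers 203.0.113.7 for example.com; only a mismatched transaction ID is rejected. That is the whole of the protection the base protocol offers, and it is exactly the hole DNSSEC's signed records are meant to close.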

To address this problem, the IETF has been developing a set of security extensions to the DNS protocol, the Domain Name System Security Extensions (DNSSEC).

The origin of DNS

Before DNS, every new host had to be added to a central file kept at the Stanford Research Institute's Network Information Center (SRI-NIC), which remained responsible for maintaining this information until the early 1990s. SRI-NIC regularly published the host file, and every host on the ARPANET (the predecessor of the Internet) downloaded a copy of it. This mechanism worked while the network had only a handful of hosts, but it broke down as the Internet grew.

