What is DNS security?
Domain name security (DNS) (DNSSEC) is a means of protecting the Internet and its users from possible attacks that can deactivate or prevent access to essential names on the Internet. Security extensions create a way that DNS servers continue to provide internet protocol (IP), but with added provisions that DNS servers are authenticated by creating a number of credibility. Through the extension, the data shared between DNS servers also achieve the integrity level, which is usually difficult on the existing protocol to which the data is transmitted. As the Internet grew, a number of developed DNS security, privacy and DNS data integrity. Given the problems of personal data protection, the problem was solved soon in proper Configuration of DNS servers. Nevertheless, it is possible that the DNS server will be exposed to a number of different types of attacks such as distributed DESIGNS (DDOS) and attacks attacks that can affectIT any type of server. However, the problem of DNS is the problem of some external data poisoning by introducing false information.
DNSSEC has been developed by Task Force Internet Engineering Task Force (IETF) and described in detail in several comment applications (RFC), 4033 to 4035. Only authentication techniques and not encryption are used to alleviate DNS servers.
The way DNSSEC works is to create credibility between the different levels of the DNS hierarchy. At the highest level, the domain domain is estasamated as the primary intermediary between the lower domains such as .com, .org etc. subdomains then look at the root domain and act as what is called a trusted third party to verify the credibility of others to share each otherET exact data DNS.
One problem that occurs as a result of the methods described in RFCS is called the list zone. It is possible for an external source to learn the identity of each named computer in the network. Some discussions have evolved with DNS safety and the zone list due to the fact that, although DNS was not originally designed for privacy, various legal and government duties require data to remain private. Another protocol described in RFC 5155 describes the means to implement other sources records to DNS, which may alleviate the problem even if it does not completely remove it.
Other problems with DNS security implementation revolves around compatibility with older systems. The implemented protocols must be universal, and therefore they are understandable by all computers, servers and clients that use the Internet. Since DNSSEC is implemented through the extension of software on DNS, however, some difficulties have appeared in the correct update of older systems for the purpose of belowPore new methods. Nevertheless, the deployment of the DNSSEC methods began on the root level at the end of 2009 and at the beginning of 2010 and many modern computer operating systems are equipped with an extension of DNS security.