Resources for Federal Information Security Management Act (FISMA)

Secure DNS? Not Just Yet

www.networkcomputing.com

Despite a real need, security extensions for the domain name system aren't ready for widespread use.The domain name system, or DNS, is a distributed database used to resolve host names to IP addresses (and vice versa) and to locate other information sources, like mail servers. It's a highly resilient architecture, and its distributed nature means that portions of the database, or zones, can be managed independently while still presenting a cohesive naming service.

The IETF's DNS Extensions working group has been focused on DNS security for close to 10 years, hammering out the basic protocol changes. Currently, RFC 4033, 4034 and 4035 make up the core DNS security requests for comment. The main goal of DNSSEC is to provide authenticated DNS responses to queries using public-key cryptography that can be validated by DNS clients.

View the Resource

Share or bookmarklet this web page at: