學術及資源的交流園地 ^_^

kvm 上的 sata

最後更新: 2020-02-13

 

 

H3C - MSR810

最後更新: 2020-02-13

 

H3C

dnssec

最後更新: 2020-02-11

介紹

信任的次序

  • The root of trust -> DS -> DNSKEYs -> RRSIGs

The root of trust (trusted DS records)

hosted at IANA (https://www.iana.org/dnssec/files)

DS(Delegation Signer) record (at the registrar 's DNS)

a hash of a DNSKEY record if DNSSEC enabled

used to verify the DNSKEY record

DNSKEY record

contains a public signing key

used to verify the DNS record

RRSIG record (Resource Record Signature)

used to verify the RR

功能

prevent malicious motions like

 - cache poisoning
 - pharming
 - man-in-the-middle attacks

 

RSS feed