See:
· Pharming
· RFC 4033 - DNS Security Introduction and Requirements
· RFC 4034 - Resource Records for the DNS Security Extensions
· RFC 4035 - Protocol Modifications for the DNS Security Extensions
The Domain Name System Security Extensions (DNSSEC) are a set of
specifications from the Internet Engineering Task Force (IETF) for securing
certain kinds of information provided by the Domain Name System (DNS) as used
in the Internet Protocol (IP). It is a set of extensions to DNS that provide
DNS clients (resolvers) with origin authentication of DNS data, authenticated
denial of existence, and data integrity, but not availability or
confidentiality.
http://es.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
DNSSEC was designed to protect internet resolvers (clients) from forged DNS
data, such as that created by DNS. All answers in DNSSEC are digitally signed.
By checking the digital signature, a DNS resolver is able to check if the
information is identical (correct and complete) to the information on the
authoritative DNS server. While protecting IP addresses is the immediate
concern for many users, DNSSEC can protect other information such as
general-purpose cryptographic certificates stored in CERT records in the DNS.
DNSSEC is intended to protect the end user from DNS protocol attacks.
Unfortunately the current DNS is vulnerable to so-called spoofing or poisoning
attacks, which can fool a cache into accepting false DNS data. Various
man-in-the-middle attacks are also possible. The (DNSSEC) is not designed to
end these attacks, but to make them detectable by the end user.
FY 2013 - Chief Information Officer - Federal Information Security Management
Act - Reporting Metrics,
November 30, 2012
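
An added example (not taken from the sources quoted on this page): one way the detection described above reaches a client is through the response header, so this sketch builds a query that asks for DNSSEC processing and classifies the reply. The function names and the header-only sample responses in the test are constructed for illustration, and the client is assumed to trust its validating recursive resolver and the network path to it.

```python
import struct

# Header flag bits (RFC 1035, RFC 4035); names here are illustrative.
FLAG_QR, FLAG_RD, FLAG_AD = 0x8000, 0x0100, 0x0020
EDNS_DO = 0x8000          # "DNSSEC OK" bit in the OPT record flags (RFC 3225)
RCODE_SERVFAIL = 2
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, txid, qtype=TYPE_A):
    """Build a recursive query whose OPT record sets the DO bit."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size,
    # TTL = extended RCODE | version | flags (DO), RDLENGTH 0.
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, EDNS_DO, 0)
    return header + question + opt

def validation_status(response, txid):
    """Classify a reply from a validating recursive resolver by its header."""
    if len(response) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not (flags & FLAG_QR):
        return "mismatch"
    if (flags & 0x000F) == RCODE_SERVFAIL:
        # Data that fails validation is withheld and reported as SERVFAIL;
        # the header alone cannot tell this from other server failures.
        return "servfail"
    if flags & FLAG_AD:
        # AD is only meaningful if the resolver and the path to it are
        # trusted; otherwise the client must verify signatures itself.
        return "authenticated"
    return "unvalidated"

def sample_response(txid, flags):
    """Constructed header-only reply used to exercise validation_status()."""
    return struct.pack("!HHHHHH", txid, flags, 0, 0, 0, 0)
```

A reply classified as "unvalidated" is not necessarily forged: it is also what an unsigned zone or a non-validating resolver produces, so policy for that case has to be decided by the caller.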
The Domain Name System
Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force
(IETF) specifications for securing certain kinds of information provided by the
Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a
set of extensions to DNS which provide to DNS clients (resolvers) origin
authentication of DNS data, authenticated denial of existence, and data
integrity, but not availability or confidentiality.
http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions