27,652
edits
Changes
Jump to navigation
Jump to search
Line 25:
Line 25: + + + Line 66:
Line 69: − − ==DNSSEC Deployment Statistics== − Based on ICANN's TLD DNSSEC Report, 95 TLDs out of the 313 TLDs in the DNS root zone were already signed with the DNSSEC protocol while 86 TLDs have trust anchors published in the root zone, which means they are DNSSEC compatible.<ref>[http://stats.research.icann.org/dns/tld_report/ TLD DNSSEC Report (2012-05-03)]</ref>
Domain Name System Security Extensions (view source)
Revision as of 18:47, 28 September 2012
, 11 years agono edit summary
The DNSSEC mechanism of authentication of communication between hosts is fulfilled by means of [[TSIG]]. More specifically, the [[TSIG]] is used to securely authenticate the transactions between the name servers and the resolver. The DNSSEC mechanism of establishing authenticity and data integrity is achieved by means of: new RRs, signing a single zone, building a trust chain and by means of [[key rollers]] or [[key exchange]].
The DNSSEC mechanism of authentication of communication between hosts is fulfilled by means of [[TSIG]]. More specifically, the [[TSIG]] is used to securely authenticate the transactions between the name servers and the resolver. The DNSSEC mechanism of establishing authenticity and data integrity is achieved by means of: new RRs, signing a single zone, building a trust chain and by means of [[key rollers]] or [[key exchange]].
===DNSSEC Deployment Statistics===
Based on ICANN's TLD DNSSEC Report, 95 TLDs out of the 313 TLDs in the DNS root zone were already signed with the DNSSEC protocol while 86 TLDs have trust anchors published in the root zone, which means they are DNSSEC compatible.<ref>[http://stats.research.icann.org/dns/tld_report/ TLD DNSSEC Report (2012-05-03)]</ref>
==DNSSEC and ICANN==
==DNSSEC and ICANN==
A detailed report of the NASA DNSSEC signing error is available [http://www.dnssec.comcast.net/DNSSEC_Validation_Failure_NASAGOV_20120118_FINAL.pdf '''here'''].
A detailed report of the NASA DNSSEC signing error is available [http://www.dnssec.comcast.net/DNSSEC_Validation_Failure_NASAGOV_20120118_FINAL.pdf '''here'''].
==DNSSEC Standards==
==DNSSEC Standards==