The Domain Name System Security Extensions (DNSSEC) are a suite of IETF specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks.
- Origin authentication of DNS data
- Data integrity (but not availability or confidentiality)
- Authenticated denial of existence
- Devising a backward-compatible standard that can scale to the size of the Internet
- Preventing "zone enumeration" where desired
- Deploying DNSSEC implementations across a wide variety of DNS servers and DNS clients (resolvers)
- Disagreement among key players over who should own the TLD (e.g., .com, .net) root keys
- Overcoming the perceived complexity of DNSSEC and DNSSEC deployment
Some of these problems are in the process of being resolved, and deployments in various domains have begun to take place.
External reading Edit
- EDUCAUSE, "7 Things You Should Know About . . . DNSSEC" (Jan. 2010) (full-text).
|This page uses Creative Commons Licensed content from Wikipedia (view authors).|