Secure DNS: Difference between revisions

From
Jump to navigation Jump to search
(Introduction)
 
(How-To)
Line 1: Line 1:
=Introduction=
=Introduction=
The '''DNS Security Extensions''', also known as '''DNSSEC''', make it possible verify the authenticity and integrity of data obtained from the domain name system.
The '''DNS Security Extensions''', also known as '''DNSSEC''', make it possible verify the authenticity and integrity of data obtained from the domain name system. To enable DNSSEC operation modified resolvers are needed that check data received from DNS servers. On the part of the authoritative name servers no modifications are necessary except for additional DNS records containing the signature data.

=Quick How-To=
There is an excellent howto available from RIPE at [http://www.ripe.net/projects/disi/dnssec_howto/].

==What You Need==
; BIND 9.3 : <div>For example available in Debian Testing or Unstable. To get it into Debian Stable put the testing-sources into <var>/etc/apt/sources.list</var>, e.g. <pre><nowiki> deb http://ftp.de.debian.org/debian etch main
deb http://security.debian.org/ etch/updates main</nowiki></pre> and into <var>/etc/apt/apt.conf</var>: <pre> APT::Default-Release "3.1*"</pre>You can then install bind 9.3 with<pre>apt-get install bind9/testing dnsutils/testing</div></pre>

Revision as of 13:35, 8 September 2005

Introduction

The DNS Security Extensions, also known as DNSSEC, make it possible verify the authenticity and integrity of data obtained from the domain name system. To enable DNSSEC operation modified resolvers are needed that check data received from DNS servers. On the part of the authoritative name servers no modifications are necessary except for additional DNS records containing the signature data.

Quick How-To

There is an excellent howto available from RIPE at [1].

What You Need

BIND 9.3
For example available in Debian Testing or Unstable. To get it into Debian Stable put the testing-sources into /etc/apt/sources.list, e.g. 
 deb http://ftp.de.debian.org/debian etch main

deb http://security.debian.org/ etch/updates main and into /etc/apt/apt.conf: 

 APT::Default-Release "3.1*"

You can then install bind 9.3 with

apt-get install bind9/testing dnsutils/testing</div>
Retrieved from "https://sarwiki.informatik.hu-berlin.de/index.php?title=Secure_DNS&oldid=1634"