DNS Security

4 September 2018

Gonkar DNS Security

DNSSEC (Domain Name System Security Extensions)

A DNSKEY-record holds a public key that resolvers can use to verify DNSSEC signatures in RRSIG-records.

DNSKEY-records have the following data elements:

Flags: "Zone Key" (set for all DNSSEC keys) and "Secure Entry Point" (set for KSK and simple keys).
Protocol: Fixed value of 3 (for backwards compatibility).
Algorithm: The public key's cryptographic algorithm.
Public key: Public key data.

TLSA (Transport Layer Security Authentication)

TLSA records are used to specify the keys used in a domain's TLS servers.

The TLSA record identification (record name) is made of 3 parts:

Port number: The port number that the TLS server listens on.
Protocol: The protocol used (udp, tcp, sctp, or user defined).
Server host name: Host name of the TLS server.

TLSA-records have the following data elements (see RFC below for details):

Certificate usage: A numeric value (0-255).
Selector: A numeric value (0-255).
Matching type: A numeric value (0-255).
Certificate association data: Hexadecimal.
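
As an added example (not code from the original post), the following Python builds the TLSA record name from the three parts listed above and checks the certificate association data against a presented certificate. The value meanings are those registered in RFC 6698; the function names and the sample bytes are assumptions made for illustration, and chain validation according to the certificate usage is out of scope.

```python
import hashlib
import hmac

# Registered values from RFC 6698; other values in 0-255 are unassigned or private use.
USAGES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTORS = {0: "Cert", 1: "SPKI"}
MATCHERS = {0: None, 1: hashlib.sha256, 2: hashlib.sha512}

def tlsa_owner_name(port, proto, host):
    """Build the record name: _<port>._<protocol>.<server host name>."""
    if not 0 < port <= 65535:
        raise ValueError("port out of range")
    return f"_{port}._{proto.lower()}.{host.rstrip('.').lower()}."

def parse_tlsa(rdata_text):
    """Parse presentation format 'usage selector mtype hexdata' into a tuple."""
    usage, selector, mtype, *hex_parts = rdata_text.split()
    usage, selector, mtype = int(usage), int(selector), int(mtype)
    for name, val in (("usage", usage), ("selector", selector), ("matching type", mtype)):
        if not 0 <= val <= 255:
            raise ValueError(f"{name} must fit in one octet")
    data = bytes.fromhex("".join(hex_parts))  # hex may be split by whitespace
    # A digest of the wrong length can never match; reject it early.
    if mtype in (1, 2) and len(data) != MATCHERS[mtype]().digest_size:
        raise ValueError("association data length does not fit matching type")
    return usage, selector, mtype, data

def tlsa_matches(record, cert_der, spki_der):
    """True if the presented bytes satisfy the record's selector and matching type."""
    usage, selector, mtype, data = record
    if usage not in USAGES or selector not in SELECTORS or mtype not in MATCHERS:
        return False  # unknown values make the record unusable
    selected = cert_der if selector == 0 else spki_der
    digest = MATCHERS[mtype]
    candidate = selected if digest is None else digest(selected).digest()
    return hmac.compare_digest(candidate, data)

# Constructed sample input: placeholder bytes standing in for DER encodings.
SAMPLE_CERT = b"constructed-certificate-der"
SAMPLE_SPKI = b"constructed-spki-der"
SAMPLE_RDATA = "3 1 1 " + hashlib.sha256(SAMPLE_SPKI).hexdigest()

if __name__ == "__main__":
    print(tlsa_owner_name(443, "tcp", "www.example.com"))
    print(tlsa_matches(parse_tlsa(SAMPLE_RDATA), SAMPLE_CERT, SAMPLE_SPKI))
```

A record pinned with selector 1 (SPKI) keeps matching after a certificate is reissued with the same key, while selector 0 must be republished on every reissue.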

CAA (Certificate Authority Authorization)

A CAA record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain.

Redundancy all around the globe

DNS servers are located on all continents to offer fast queries and redundancy of our services.

Author: Alejandro Betancor