1
edit
Changes
→Week 12 (April 6) -
[[NAD810 A2|Specification]]
= Week 12 (April 6) - DNSSEC =DNS Security Extensions* FOUR New Resource Record Types:** The DNSKEY Record*** Zone-signing Key*** Key-signing Key** The RRSIG Record - store the digital signature on an RRset** The NSEC Record - "Next SECure" record, to indicate which domain name comes next after a given domain name** The DS Record - for Delegation Signer* EDNS0 - Teh Extension Mechanisms for DNS, version 0** handle a DNS message larger than 512 bytes** DO flag - DNSSEC OK** AD and CD flag for DNS queries:*** AD - Authenticated Data*** CD - Checking Disabled* Zone Signing** Use dnssec-keygen to generate KSK and ZSK pairs*** dnssec-keygen -f KSK -a RSASHA1 -b 512 -n ZONE mydomain.com.*** dnssec-keygen -a RSASHA1 -b 512 -n ZONE mydomain.com.** Use dnssec-zonesige to sign the zone file*** dnssec-signzone -o mydomain.com. db.mydomain*** keyset file*** dsset file References:* DNS and BIND by Cricket Liu and Paul Albitz - 5th Edition* [http://www.isc.org]
= Week 13 (April 13) - Review =
* Assignment 2 Due (April 14)