Copyright © 2014, 2015, 2016, 2017 Internet Systems Consortium, Inc.
Abstract
The Domain Name System Security Extensions (DNSSEC) extends standard DNS to provide a measure of security; it proves that the data comes from the official source and has not been modified in transit.
This guide introduces the DNSSEC standards and shares several examples of implementing, maintaining, and troubleshooting DNSSEC.
Table of Contents
- Preface
- 1. Introduction
- 2. Getting Started
- 3. Validation
- 4. Signing
- 5. Basic Troubleshooting
- 6. Advanced Discussions
- 7. Recipes
- 8. Commonly Asked Questions
List of Figures
- 1.1. DNSSEC Validation 12 Steps
- 3.1. Signature Generation
- 3.2. Signature Verification
- 3.3. DNSSEC Validation with .gov Trust Anchor
- 4.1. Verisign DNSSEC Debugger
- 4.2. DNSViz
- 5.1. Query Path
- 7.1. Inline Signing Recipe #1
- 7.2. Inline Signing Scenario #2
- 7.3. Upload DS Record Step #1
- 7.4. Upload DS Record Step #2
- 7.5. Upload DS Record Step #3
- 7.6. Upload DS Record Step #4
- 7.7. Upload DS Record Step #5
- 7.8. Upload DS Record Step #6
- 7.9. Remove DS Record Step #1
- 7.10. Remove DS Record Step #2
- 7.11. Remove DS Record Step #3
- 7.12. Revert to Unsigned Step #1
- 7.13. Revert to Unsigned Step #2
- 7.14. Revert to Unsigned Step #3
- 7.15. Revert to Unsigned Step #4
- 7.16. Browser Certificate Warning
- 7.17. DNSSEC TLSA Validator
List of Tables