DNSSEC
E37203
DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
Aliases (2)
Statements (51)
| Predicate | Object |
|---|---|
| instanceOf |
DNS extension
→
internet security protocol suite → |
| abbreviation |
DNSSEC
→
|
| appliesTo |
forward DNS zones
→
reverse DNS zones → |
| definedInRFC |
RFC 4033
→
RFC 4034 → RFC 4035 → RFC 4509 → RFC 5011 → RFC 5155 → RFC 5702 → RFC 6605 → RFC 6840 → RFC 8080 → |
| deploymentStatus |
partially deployed on the public internet
→
|
| doesNotProvide |
confidentiality
→
|
| fullName |
Domain Name System Security Extensions
→
|
| introducesRecordType |
CDNSKEY
→
CDS → DNSKEY → DS → NSEC → NSEC3 → NSEC3PARAM → RRSIG → |
| mitigates |
DNS cache poisoning
→
DNS spoofing → |
| operatesOn |
DNS resource records
→
|
| provides |
data integrity
→
data origin authentication → |
| relatedStandard |
DANE
→
TSIG → |
| requires |
DNSSEC-aware authoritative name servers
→
DNSSEC-validating resolvers → |
| rootZoneManagedBy |
ICANN
→
U.S. Department of Commerce → Verisign → |
| rootZoneSigned |
2010-07-15
→
|
| standardizedBy |
IETF
→
|
| supportsAlgorithm |
DSA
→
ECDSA → Ed25519 → Ed448 → RSA → |
| usesCryptography |
public key cryptography
→
|
| usesMechanism |
chain of trust
→
delegation signer records → key signing key → zone signing key → |
| verificationPerformedBy |
validating resolver
→
|
Referenced by (7)
| Subject (surface form when different) | Predicate |
|---|---|
|
DNSSEC
→
|
abbreviation |
|
DNSSEC ZSK
→
|
belongsToStandard |
|
DNSSEC
("Domain Name System Security Extensions")
→
|
fullName |
|
DNSSEC root key signing ceremony
("Domain Name System Security Extensions")
→
|
relatedTo |
|
Domain Name System root zone
("DNS Security Extensions")
→
|
securedBy |
|
DNSSEC ZSK
("DNS Security Extensions")
→
|
usedIn |
|
Domain Name System root zone
→
|
usesStandard |