DNSSEC primer

Answers You Can Trust

Article from Issue 117/2010

One of the largest holes in the Internet is finally plugged.

I hope by the time you are reading this article that the DNS root domain (.) will include signed data for all the top-level domains (.nl, .org, etc.). Why? Because once that is done, you will finally be able make DNS queries and actually validate that the answer you received is correct.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content


    Some Internet exploits target name resolution servers. DNSSEC uses cryptography to protect the name resolution service.

  • Local DNS with Unbound

    You don't have to be satisfied with your ISP's slow and cumbersome DNS server. Your own Unbound server could improve performance as well as security.

  • Charly's Column: Nameserver Diagnostics

    Many administrators rely on Linux tools whose fate is already sealed, but external forces can help people let go of old habits.

  • Security Lessons: DNS Security

    Kurt describes how to keep bad guys out of your network using a targeted filtering approach.

  • DIC: Domain Name Registries to Promote DNSSEC

    The DNSSEC Industry Coalition (DIC) was founded in the U.S. with the goal to drive further development and acceptance of the DNSSEC security protocol. The consortium includes a half dozen top Domain Name Registries and software developers that are currently laying out an action plan.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More