DNS (Domain Name System) is an integral part of the Internet, unfortunately it is insecure. DNSSEC is a major upgrade to the security of the Internet. It provides us with authentication of DNS data, data integrity, and authenticated denial of existence. “DNSSec is an absolute requirement if we want to . . . use the Internet for anything non-trivial,” Cricket Liu. I will give an overview of how DNS works and why it is vulnerable, then how DNSSEC addresses these issues. I will discuss the challenges of DNSSEC deployment, but also the additional possibilities it provides, such as DANE.
- Google Presentation
- SlideShare - comming soon
The following links assisted me with understanding some of the finer detials of DNSSEC and with articulating concepts.
- Mike Lucas - DNSSEC in 50 Minutes
- Men & Mice - DNSSEC best practices
- ISC BIND DNSSEC Guide
- SIDN DNSSEC Course
- RIPE NCC - DNSSEC Training Slides
- Internet Society
- Verisign Labs with DANE
- An Illustrated Guide to the Kaminsky DNS Vulnerability