Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
en:web:domain-name:dnssec [2018/07/18 10:02]
dedibox
en:web:domain-name:dnssec [2018/08/01 18:11]
dedibox
Line 3: Line 3:
 ==== About DNSSEC ? ==== ==== About DNSSEC ? ====
  
-Since its design in 1983, Domain Name System (DNS) is vulnerable to attacks. Attackers are able to falsify responses to queries to the DNS which allows ​them to redirect end users to Web sites under their own control.+Since its design in 1983, Domain Name System (DNS) is vulnerable to attacks. Attackers are able to falsify responses to queries to the DNS which allow them to redirect end users to Web sites under their own control.
  
 In response to these threats, DNSSEC cryptographically ensures that DNS content cannot be modified from its source without being detected. ​ In response to these threats, DNSSEC cryptographically ensures that DNS content cannot be modified from its source without being detected. ​
Line 21: Line 21:
 If you want to configure DNSSEC yourself: If you want to configure DNSSEC yourself:
  
-  * Always use external tools such as https://​dnssec-analyzer.verisignlabs.com/​ or http://​dnsviz.net/​d/​vanhau.net/​dnssec/+  * Always use external tools such as https://​dnssec-analyzer.verisignlabs.com/​ or http://​dnsviz.net/​
   * Registry do not support the same algorithms   * Registry do not support the same algorithms
   * All DNS servers (clients) do not verify DNSSEC, you can achieve answers on them despite bad DNSSEC configuration   * All DNS servers (clients) do not verify DNSSEC, you can achieve answers on them despite bad DNSSEC configuration