Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
en:web:domain-name:dnssec [2018/07/17 16:10]
dedibox created
en:web:domain-name:dnssec [2018/08/01 18:11] (current)
dedibox
Line 3: Line 3:
 ==== About DNSSEC ? ==== ==== About DNSSEC ? ====
  
-Domain Name System (DNS) since its design in 1983 is vulnerable to attacks. ​Specifically,​ to the ability of attackers ​to falsify responses to queries to the DNS thus allowing attackers ​to redirect end users to Web sites under their own control.+Since its design in 1983, Domain Name System (DNS) is vulnerable to attacks. ​Attackers are able to falsify responses to queries to the DNS which allow them to redirect end users to Web sites under their own control.
  
-In response to these threats, DNSSEC cryptographically ​ensure ​that DNS content cannot be modified from its source without being detected. ​+In response to these threats, DNSSEC cryptographically ​ensures ​that DNS content cannot be modified from its source without being detected. ​
 DNSSEC works by digitally signing each DNS record so that any tampering of that record can be detected. ​ DNSSEC works by digitally signing each DNS record so that any tampering of that record can be detected. ​
  
Line 12: Line 12:
 DNSSEC involves : DNSSEC involves :
  
-  * the domain'​s ​dns server+  * the domain'​s ​DNS server
   * the registrar   * the registrar
   * the registry   * the registry
-  * the provider'​s ​dns server+  * the provider'​s ​DNS server
  
-Outside case 1, DNSSEC should be used by experimented people because of the propagation time or dns cache. ​+Outside case 1, DNSSEC should be used by experimented people because of the propagation time or DNS cache. ​
  
-If you want to configure DNSSEC yourself :+If you want to configure DNSSEC yourself:
  
-  * Always use external tools such as https://​dnssec-analyzer.verisignlabs.com/​ or http://​dnsviz.net/​d/​vanhau.net/​dnssec+  * Always use external tools such as https://​dnssec-analyzer.verisignlabs.com/​ or http://​dnsviz.net/​ 
-  * Registry ​don'​t ​support the same algorithms +  * Registry ​do not support the same algorithms 
-  * All dns servers (clients) ​don'​t ​verify DNSSEC, you can achieve answers on them despite bad DNSSEC configuration+  * All DNS servers (clients) ​do not verify DNSSEC, you can achieve answers on them despite bad DNSSEC configuration
  
  
 ==== Configuration ====  ==== Configuration ==== 
  
-=== Case 1 - Domain and Dns managed by Online ===+=== Case 1 - Domain and DNS managed by Online ===
  
 == Activation == == Activation ==
  
-IF your extension ​allow that, you can activate by clicking the button+If your extension ​allows ​that, you can activate by clicking the button
  
 {{:​fr:​web:​domain-name:​dnssec_form_cas1_activation.png?​800|}} {{:​fr:​web:​domain-name:​dnssec_form_cas1_activation.png?​800|}}
Line 40: Line 40:
 Click the button to delete DNSSEC, for security, it is advised to wait 48 hours before addding it again Click the button to delete DNSSEC, for security, it is advised to wait 48 hours before addding it again
  
-{{:​fr:​web:​domain-name:​dnssec_formulaire_cas1_desactivation.png?800|}}+{{:​fr:​web:​domain-name:​dnssec_form_cas1_desactivation.png?800|}}
  
-=== Case 2 - Domain is managed by Online with your own dns server ​ ===+=== Case 2 - Domain is managed by Online with your own DNS server ​ ===
  
 {{:​fr:​web:​domain-name:​dnssec_form_cas2.png?​800|}} {{:​fr:​web:​domain-name:​dnssec_form_cas2.png?​800|}}
Line 53: Line 53:
 == Desactivation == == Desactivation ==
  
-Click on "​DELETE DS RECORDS"​ to ask for deletion on the registry. After that it is up to you to delete on the dns server+Click on "​DELETE DS RECORDS"​ to ask for deletion on the registry. After that it is up to you to delete on the DNS server