Differences

This shows you the differences between two versions of the page.

en:web:domain-name:dnssec [2018/07/17 16:12]
dedibox
en:web:domain-name:dnssec [2018/08/01 18:11] (current)
dedibox
Line 3: Line 3:
 ==== About DNSSEC ? ==== ==== About DNSSEC ? ====
  
-Domain Name System (DNS) since its design in 1983 is vulnerable to attacks. ​Specifically,​ to the ability of attackers ​to falsify responses to queries to the DNS thus allowing attackers ​to redirect end users to Web sites under their own control.+Since its design in 1983, Domain Name System (DNS) is vulnerable to attacks. ​Attackers are able to falsify responses to queries to the DNS which allow them to redirect end users to Web sites under their own control.
  
-In response to these threats, DNSSEC cryptographically ​ensure ​that DNS content cannot be modified from its source without being detected. ​+In response to these threats, DNSSEC cryptographically ​ensures ​that DNS content cannot be modified from its source without being detected. ​
 DNSSEC works by digitally signing each DNS record so that any tampering of that record can be detected. ​ DNSSEC works by digitally signing each DNS record so that any tampering of that record can be detected. ​
  
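Review bot: In the rewritten opening sentence, "Since its design in 1983, Domain Name System (DNS) is vulnerable to attacks" pairs "since" with the present tense and drops the article; suggest "The Domain Name System (DNS) has been vulnerable to attacks since its design in 1983". In the same line, "which allow them" should be "which allows them". The paragraph also says tampering "can be detected" without saying by whom; a short clause that detection happens on resolvers that validate signatures would match the bullet in the next section noting that not all of them do.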
Line 12: Line 12:
 DNSSEC involves : DNSSEC involves :
  
-  * the domain'​s ​dns server+  * the domain'​s ​DNS server
   * the registrar   * the registrar
   * the registry   * the registry
-  * the provider'​s ​dns server+  * the provider'​s ​DNS server
  
-Outside case 1, DNSSEC should be used by experimented people because of the propagation time or dns cache. ​+Outside case 1, DNSSEC should be used by experimented people because of the propagation time or DNS cache. ​
  
-If you want to configure DNSSEC yourself :+If you want to configure DNSSEC yourself:
  
-  * Always use external tools such as https://​dnssec-analyzer.verisignlabs.com/​ or http://​dnsviz.net/​d/​vanhau.net/​dnssec+  * Always use external tools such as https://​dnssec-analyzer.verisignlabs.com/​ or http://​dnsviz.net/​ 
-  * Registry ​don'​t ​support the same algorithms +  * Registry ​do not support the same algorithms 
-  * All dns servers (clients) ​don'​t ​verify DNSSEC, you can achieve answers on them despite bad DNSSEC configuration+  * All DNS servers (clients) ​do not verify DNSSEC, you can achieve answers on them despite bad DNSSEC configuration
  
  
 ==== Configuration ====  ==== Configuration ==== 
  
-=== Case 1 - Domain and Dns managed by Online ===+=== Case 1 - Domain and DNS managed by Online ===
  
 == Activation == == Activation ==
  
-IF your extension ​allow that, you can activate by clicking the button+If your extension ​allows ​that, you can activate by clicking the button
  
 {{:​fr:​web:​domain-name:​dnssec_form_cas1_activation.png?​800|}} {{:​fr:​web:​domain-name:​dnssec_form_cas1_activation.png?​800|}}
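Review bot: The last bullet of the "configure DNSSEC yourself" list, "All DNS servers (clients) do not verify DNSSEC", still reads as if no resolver validates. Suggest "Not all DNS resolvers validate DNSSEC, so a broken configuration can still return answers from those that do not", which states the operational risk and explains why the first bullet recommends external checkers. In the same hunk, "Registry do not support the same algorithms" should be "Registries do not all support the same algorithms", "experimented people" should be "experienced users", and "Outside case 1" refers to a case that is only defined further down under Configuration. The dnsviz link is now generic but is still http:// while the Verisign link is https://.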
Line 42: Line 42:
 {{:​fr:​web:​domain-name:​dnssec_form_cas1_desactivation.png?​800|}} {{:​fr:​web:​domain-name:​dnssec_form_cas1_desactivation.png?​800|}}
  
-=== Case 2 - Domain is managed by Online with your own dns server ​ ===+=== Case 2 - Domain is managed by Online with your own DNS server ​ ===
  
 {{:​fr:​web:​domain-name:​dnssec_form_cas2.png?​800|}} {{:​fr:​web:​domain-name:​dnssec_form_cas2.png?​800|}}
Line 53: Line 53:
 == Desactivation == == Desactivation ==
  
-Click on "​DELETE DS RECORDS"​ to ask for deletion on the registry. After that it is up to you to delete on the dns server+Click on "​DELETE DS RECORDS"​ to ask for deletion on the registry. After that it is up to you to delete on the DNS server
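Review bot: The new sentence "After that it is up to you to delete on the DNS server" has no object and no closing period; it should say what the operator has to delete on their own server. The heading above it is still spelled "Desactivation"; suggest "Deactivation". Since the earlier section warns about propagation time and DNS cache, this step should also state whether the operator needs to wait after the registry deletion before changing their own server.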