DNS 101 Miniseries - #7 - DNSSEC Chain of Trust

DNSSEC strengthens authentication in DNS using digital signatures based on public key cryptography. With DNSSEC, it's not DNS queries and responses themselves that are cryptographically signed, but rather DNS data itself is signed by the owner of the data.

This video shows how the chain of TRUST is created between PARENT and CHILD zones within DNS.

All rights reserved © 2022 Adrian Cantrill
Comments

Thank you, Adrian. You are a blessing for the IT world. I follow you on LinkedIn, Slack. I live in France.

jean-patricktemanin

Great videos, the best found so far, excellent job. Great EVERYTHING!

JoseGuzmanRomero

Now I can't imagine explaining chain of trust to someone without referring to notes 💀
It is complex, and the flow goes here and there.

nijuyonkadesu

Great video, thank you for this high quality content

mohamednaitmoussa

I have a question: if I modify/change any DNS record or if I add any new entry, do I need to regenerate the DS?

LryuzakiLN

Hi, great video lessons, it's easy to follow and understand. I have a question though: how is the KSK generated, and if we want to change our zone's KSK, we need to involve the parent zone and update its DS records?

guysgofish

Thank you so much, and I have a little question: why should a zone have its own public KSK in its DNSKEY RRset?

real-tee

I just didn't get one thing: does the end user that originates the request have to verify the chain of trust as well?

vegario

I'm very very new to IT and also new to blockchain tech, but just from my very very basic understanding of the two, it seems like blockchain would streamline this (to me) very complicated process.

As a side note... My personal key chain has my car key fob and my apartment key fob. I don't like carrying too many keys in my pocket and DNSSEC has wayyyy too many keys =P haha!

admondallo

So thought I'd write this out.
You get an RRset, need to verify it's real? How? Check for the RRSIG for it, use the RRSIG to verify the RRset is real. How? Use the ZSK (DNSKEY 256) to check the RRSIG. Need to verify the ZSK is real, how? Check for the ZSK RRSIG, use the ZSK RRSIG to verify it's real. How? Use the KSK (DNSKEY 257). How to verify the KSK is real? Oh, there's a DS record in the parent that's a hash. How to verify that is real? Check the RRSIG (start again). Let me know if it helps.

T-Sav