lo, On Monday 30 May 2005 19:33, Thilo Bangert wrote: > okay, but how does DNSSEC help you establish that? and what is it that > you are securing...
By cryptographically signing zones you can be assured of the integrity of the domains. You are basically securing yourself against dns spoofing. Google around for more information on the benefits of dnssec. > > i don't know much about DNSSEC, but > from my understanding can DNSSEC establish cryptographic authority about > a DNS record, iff you can trust the master of the zone. since non of > the root servers supports DNSSEC, your zone can still be subject to > forgery... > > or are you running your own root zone? i guess using split-horizon > resolvers could be another setup in which this would work... ? Running our own root zone. On a side note courses such as (http://secure.interop.com/catalog/sessionDetail.do?SESSION_ID=1087) more information about DNSSEC. b -- Benjamin Smee (strerror) 497F 5E98 1FA0 C313 EA0B 08C7 004A 66ED 448B E78C
pgpBKKyqHpiOX.pgp
Description: PGP signature
