DNSSEC in Practice: Using DNSSEC-Tools to Deploy DNSSEC

Abstract

The Domain Name System (DNS) is one of the core infrastructure components of the Internet. DNS data is also trivial to spoof. The security extensions to DNS (DNSSEC) provide a mechanism for users to verify the origin authenticity and integrity of DNS data based on cryptographic signatures. DNSSEC as a technology has steadily matured over the past several years and a number of tools and services that facilitate performing DNSSEC-related operations have emerged during this period. This paper gives an overview of using existing tools and utilities from the DNSSEC-Tools 1 suite to build environments that support DNSSEC along the complete path from the authoritative name server where domain data resides to the end-application that uses DNS data.