Managing Mission-Critical Domains and DNS

by Mark E. Jeftovic
June 2018
Content level: Intermediate to advanced
368 pages
11h 1m
English
Packt Publishing
Content preview from Managing Mission-Critical Domains and DNS

NSEC/NSEC3

While RRSIG records prove the authenticity of a DNS record that exists, there also needs to be a method to authenticate the non-existence of a given record. In other words, we need to be able to sign NXDOMAIN responses.

The initial implementation of this used the NSEC (Next SECure) record. The records in the zone are sorted into canonical order and an NSEC record is computed for each one.

The format of the NSEC RR is:

<OWNER-NAME> TTL IN NSEC <NEXT-LABEL> <RR-TYPES>

Given a bar.example.dom record with the SRV, TXT, MX and NS RRs, and the next record in the zone being foo.example.dom, the resultant accompanying NSEC record would be:

bar.example.dom. 3600 IN NSEC foo.example.dom. NS SRV TXT MX RRSIG NSEC
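
The chain described above can be worked through in code. The following Python sketch is an added example, not code from the book: it sorts a constructed zone into canonical order, builds the NSEC chain, and picks the NSEC record that would accompany a signed answer for a given query. The zone contents, function names and verdict strings are assumptions made for illustration, and wildcard handling is left out.

```python
# Added example: NSEC chain over a constructed zone (names follow the page's example.dom).
ZONE = {  # owner name -> RR types present at that name (constructed sample data)
    "example.dom.": ["SOA", "NS", "DNSKEY"],
    "foo.example.dom.": ["A"],
    "a.foo.example.dom.": ["A"],
    "bar.example.dom.": ["NS", "SRV", "TXT", "MX"],
}

def canonical_key(name):
    """Canonical ordering key (RFC 4034, section 6.1): lowercase the name and
    compare labels right to left as byte strings."""
    labels = name.rstrip(".").lower().split(".")
    return [label.encode("ascii") for label in reversed(labels)]

def build_nsec_chain(zone):
    """Return (owner, next_name, types) tuples in canonical order.
    The last owner points back to the first (the zone apex)."""
    owners = sorted(zone, key=canonical_key)
    return [(owner, owners[(i + 1) % len(owners)], zone[owner] + ["RRSIG", "NSEC"])
            for i, owner in enumerate(owners)]

def to_text(nsec, ttl=3600):
    """Render one chain entry in the presentation format shown on the page."""
    owner, next_name, types = nsec
    return f"{owner} {ttl} IN NSEC {next_name} {' '.join(types)}"

def prove(chain, qname, qtype):
    """Pick the NSEC record a signed response would carry for this query.
    Returns (verdict, nsec). Wildcard denial is not modelled here."""
    qkey = canonical_key(qname)
    apex = canonical_key(chain[0][0])
    if qkey[:len(apex)] != apex:
        raise ValueError(f"{qname} is not inside this zone")
    for nsec in chain:
        owner, next_name, types = nsec
        okey, nkey = canonical_key(owner), canonical_key(next_name)
        if qkey == okey:  # name exists; the type list settles the question
            return ("EXISTS" if qtype in types else "NODATA"), nsec
        last = nkey <= okey  # final record wraps around to the apex
        if okey < qkey and (qkey < nkey or last):
            return "NXDOMAIN", nsec  # qname falls in the gap this record spans
    raise AssertionError("unreachable: chain covers the whole zone")

if __name__ == "__main__":
    chain = build_nsec_chain(ZONE)
    for q in [("baz.example.dom.", "A"), ("bar.example.dom.", "A"), ("zzz.example.dom.", "A")]:
        verdict, nsec = prove(chain, *q)
        print(q, verdict, "->", to_text(nsec))
```

Note that a.foo.example.dom sorts after foo.example.dom in canonical order, which a plain string sort would get wrong.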

A bar.example.dom query for ...


ISBN: 9781789135077