security
Click on the red underlined text to get to the source
... DNS) in RFC 2136prop, but without a detailed description of
security for those updates. Means of securing the DNS and using it
for key distribution ...
...
This memo proposes techniques based on the defined DNS security
mechanisms to authenticate DNS ...
... RFC1034, RFC1035] is assumed.
Familiarity with the DNS security and dynamic update proposals will
be helpful.
...
... Overview of DNS Security ...
... Server Workload | Low | High
-------------------------+--------------------+-------------------
Static Data Security | Very High | Medium-High
-------------------------+--------------------+-------------------
Dynamic Data Security ...
... Security | Very High | Medium-High
-------------------------+--------------------+-------------------
Dynamic Data Security | Medium | Medium-High
-------------------------+--------------------+-------------------
Key Restrictions | Fine grain | Coarse grain
...
... For mode A, the zone owner key and static zone master file are always
kept off-line for maximum security of the static zone contents.
...
... dynamically added data. Thus, for type A dynamic secure zones, zone
transfer security is not automatically provided for dynamically added
RRs, where they could be omitted, and authentication ...
... SIG) is more effort
than verifying a signature. The security of static data in the zone
is decreased because the ultimate state of the static data being
...
... Security Considerations ...
... Eastlake, D., and C. Kaufman, "Domain Name System Security Extensions", RFC 2065(-> 2535(-> 4035prop | 4034prop | 4033prop)), CyberCash, Iris, January 1997. ...