3.6 DNS Security Protocols
This section will deal with the protocols specifying DNS security. An important thing is that currently the most widely used BIND version 9 DNS server (the name server) supports the majority of these protocols. DNSsec and TIG are the basic mechanisms.
3.6.1 DNSsec
DNSsec is an extension of DNS specified in RFC 2535 that deals with the basic issues of DNS security. Within the domain tree, we can secure certain domains of lower class by using DNSsec. The ideal case would be if security began at the root name servers going up through the whole DNS tree, all the way to the names of individual computers, mail proxies (MX records), or other names listed in DNS. But this is a promise of the future.
We have to realize that DNSsec is not, for operational purposes, divided into domains, but into zones. The zone is an area administered by a particular name server. Since security will be provided for certain name servers with their respective administrators, the relevant public...
