Week 5: Domain Name System Security



  • History of DNS security
  • Chain of trust
  • Signatures and keys
  • Delegation signers
  • Proving negative replies
  • Wildcards and empty non-terminals


  • Setting up your own secure domain
  • Delegating secure subdomains



  • RFC 4033, DNS Security Introduction and Requirements
  • RFC 4034, Resource Records for the DNS Security Extensions
  • RFC 4035, Protocol Modifications for the DNS Security Extensions
  • RFC 5155, DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
  • RFC 6781, DNSSEC Operational Practices, Version 2
  • RFC 6840, Clarifications and Implementation Notes for DNS Security (DNSSEC)
  • RFC 6841, A Framework for DNSSEC Policies and DNSSEC Practice Statements
  • RFC 6944, Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status
  • RFC 7129, Authenticated Denial of Existence in the DNS
  • RFC 7344, Automating DNSSEC Delegation Trust Maintenance
  • RFC 7626, DNS Privacy Considerations

This topic does not exist yet

You've followed a link to a topic that doesn't exist yet. If permissions allow, you may create it by clicking on “Create this page”.