DNSSEC is not about encryption, it's about crypto signing of records.If the DNS record is changed encryption is not going to help.
I sticking with QUAD9 for now.
Sent from my P027 using Tapatalk
DNSSEC is not about encryption, it's about crypto signing of records.If the DNS record is changed encryption is not going to help.
I sticking with QUAD9 for now.
DNSSEC is not about encryption, it's about crypto signing of records.
Sent from my P027 using Tapatalk
They can also steal valid encryption certificates for an organization's domain names.
I for one have learnt something new today.The signing keys are stored on root servers, not on your computer or your upstream server.
I don't think you understand how DNSSEC works - I recommend reading up on it. Again, you are mixing up technologies like DoT/DoH, and DNSSEC. The signing keys are stored on root servers, not on your computer or your upstream server. The chances of these servers getting compromised are slim to none.
How many root servers are there around the world?
I don't remember however if the keys are on the actual root servers, or on the TLD root servers.
Keys are part of the domain record - for "example.org", the keys are there...
Thread starter | Title | Forum | Replies | Date |
---|---|---|---|---|
S | Is there good VPN tunnel plain DNS filtering software for Windows? | General Network Security | 2 | |
Microsoft plans to lock down Windows DNS - ZTDNS | General Network Security | 5 |
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!