http://www.security-dns.net/about.html
DNSSEC has been designed to protect Internet resolvers (users) from forged DNS data.
- All answers in DNSSEC are digitally signed.
- By checking the digital signature, a DNS resolver is able to check if the information is identical (correct and complete) to the information on the authoritative DNS server.
- While protecting IP addresses is the immediate concern for many users, DNSSEC can protect other information such as general-purpose cryptographic certificates, including those for email, making it possible to use DNSSEC as a worldwide public key infrastructure for email.
DNSSEC does not protect the confidentiality of data: all DNSSEC responses are authenticated but not encrypted.
DNSSEC does not protect against Denial of Service attacks directly, though it indirectly provides some benefit.
- However, the demands DNSSEC places on Internet infrastructure could make DNSSEC a tool for DoS attacks.
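The following Python sketch is an added example, not code from the source page. It shows on the wire what "signed answers" and "authenticated but not encrypted" mean: the query sets the EDNS DO flag to request signatures, and the response carries an RRSIG record next to an A record that anyone on the path can still read. The function names are hypothetical and the response is constructed inline with dummy signature bytes, so no signature is actually verified here.

```python
import struct

TYPE_A, TYPE_OPT, TYPE_RRSIG = 1, 41, 46
FLAG_AD = 0x0020   # header bit set by a validating resolver (RFC 4035)
EDNS_DO = 0x8000   # EDNS "DNSSEC OK" flag: ask for RRSIGs (RFC 3225)

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid=0x1234, udp_size=1232):
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)   # RD=1, 1 question, 1 OPT
    question = encode_name(name) + struct.pack("!HH", TYPE_A, 1)
    # OPT pseudo-record: root name, type, UDP size as class, flags in the TTL field
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, EDNS_DO, 0)
    return header + question + opt

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]                  # step over one label
    return off + (2 if msg[off] else 1)      # pointer is 2 bytes, root label is 1

def summarize(msg):
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4        # skip QTYPE and QCLASS
    addrs, sigs = [], 0
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == TYPE_A:
            addrs.append(".".join(map(str, rdata)))   # answer data is plaintext
        elif rtype == TYPE_RRSIG:
            sigs += 1                                 # signature covering the RRset
    return {"ad": bool(flags & FLAG_AD), "addresses": addrs, "rrsigs": sigs}

def sample_response():
    # Constructed message: A record for example.com plus an RRSIG with dummy signature bytes
    hdr = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 2, 0, 0)   # QR, RD, RA, AD set
    q = encode_name("example.com") + struct.pack("!HH", TYPE_A, 1)
    a = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 1])
    sig_rdata = (struct.pack("!HBBIIIH", TYPE_A, 13, 2, 300, 0, 0, 0)
                 + encode_name("example.com") + b"\x00" * 64)
    sig = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_RRSIG, 1, 300, len(sig_rdata)) + sig_rdata
    return hdr + q + a + sig
```

The AD flag only reports that the upstream resolver validated the answer, so it is meaningful only when the path to that resolver is itself trusted. The constructed response is 152 bytes against a 40-byte query, most of it the RRSIG, which illustrates the extra load the last point refers to.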