ScholarQuill logoScholarQuillUniversity Notes
  • Notes
  • Past Papers
  • Blogs
  • Todo
Login
ScholarQuill logoScholarQuillUniversity Notes
Login
NotesPast PapersBlogsTodo
More
SubjectsDiscussionCGPA CalculatorGPA CalculatorStudent PortalCourse Outline
About
About usPrivacy PolicyReportContact
Notes
Past Papers
Blogs
Todo
Analytics
    Current Subject
    🧩
    Network Security
    ITEC4147
    Progress0 / 24 topics
    Topics
    1. Introduction to network security2. Networking Concepts and Protocols3. Network Threats and Vulnerabilities4. Network Security Planning and Policy5. Access Control6. Defense against Network Attacks7. DOS and DDOS detection and prevention8. Firewalls9. Intrusion Detection and Prevention Systems10. Antivirus Filtering11. Naming and DNS Security, DNSSEC12. IP security13. Secure Sockets Layer14. VPN15. Packet Sniffing and spoofing16. Honeypot17. Ethernet Security18. Wireless Security and Wireless Attacks19. Wireless LAN Security with 802.11i20. Wireless Security Protocols21. Wireless Intrusion Detection22. Physical access and Security23. Tor Network24. Network Forensics
    ITEC4147›Naming and DNS Security, DNSSEC
    Network SecurityTopic 11 of 24

    Naming and DNS Security, DNSSEC

    4 minread
    654words
    Beginnerlevel

    📘 Naming and DNS Security, DNSSEC — Exam Notes (Network Security)


    🌐 1. Introduction to Naming System

    🔹 Domain Name System (DNS)

    The Domain Name System (DNS) is a hierarchical naming system that translates:

    • Domain names (e.g., google.com) → IP addresses (e.g., 142.250.x.x)

    👉 Simple idea: DNS works like the phonebook of the internet.


    🎯 2. Why DNS is Important?

    • Humans use names, computers use IP addresses
    • DNS makes internet navigation easy
    • Supports websites, email, and online services

    ⚠️ 3. DNS Security Issues (Threats)

    DNS is a critical target for attackers because it controls internet naming.

    🔸 1. DNS Spoofing / Cache Poisoning

    • Fake DNS data is inserted into cache
    • Users are redirected to malicious websites

    🔸 2. DNS Hijacking

    • Attacker changes DNS settings
    • Users are redirected without knowledge

    🔸 3. DDoS on DNS Servers

    • Overloads DNS servers
    • Makes websites unreachable

    🔸 4. DNS Tunneling

    • Uses DNS queries to secretly transfer data
    • Used for data theft or malware communication

    🔐 4. DNS Security Goals

    • Ensure data integrity (no tampering)
    • Ensure authenticity (correct source)
    • Prevent spoofing attacks
    • Maintain availability of DNS service

    🛡️ 5. DNS Security Measures

    🔹 1. Secure DNS Configuration

    • Restrict zone transfers
    • Disable open recursion

    🔹 2. Firewalls

    • Filter malicious DNS traffic

    🔹 3. Monitoring and Logging

    • Detect unusual DNS behavior

    🔹 4. Encryption (DNS over HTTPS / TLS)

    • Protect DNS queries from interception

    🔐 6. What is DNSSEC?

    🔹 Definition

    DNSSEC (Domain Name System Security Extensions) is a set of security protocols that adds cryptographic protection to DNS to ensure data is authentic and untampered.

    👉 Simple idea: DNSSEC adds a digital signature to DNS data.


    🎯 7. Objectives of DNSSEC

    • Verify DNS data authenticity
    • Prevent DNS spoofing and cache poisoning
    • Ensure data integrity
    • Build trust in DNS responses

    🔑 8. How DNSSEC Works

    DNSSEC uses public key cryptography.

    Steps:

    1. DNS record is created
    2. A digital signature (RRSIG) is generated
    3. Public key is stored in DNS
    4. Resolver checks signature before trusting data
    5. If valid → accept response If invalid → reject response

    📊 9. Key Components of DNSSEC

    🔹 1. Zone Signing Key (ZSK)

    • Signs DNS records in a zone

    🔹 2. Key Signing Key (KSK)

    • Signs the ZSK

    🔹 3. RRSIG Record

    • Stores digital signature

    🔹 4. DNSKEY Record

    • Stores public key

    🔹 5. DS Record (Delegation Signer)

    • Links parent and child zones

    🧠 10. DNSSEC Validation Process

    1. Resolver requests domain
    2. Receives DNS response + signature
    3. Checks signature using public key
    4. Valid → data accepted
    5. Invalid → data rejected

    ⚠️ 11. Limitations of DNSSEC

    • Does NOT provide encryption (only authentication)
    • Complex to implement
    • Requires key management
    • Slight performance overhead

    🖼️ 12. Diagram Descriptions

    📌 DNS Resolution Flow

    • User → DNS Resolver → Root → TLD → Authoritative Server → IP

    📌 DNSSEC Validation

    • DNS Response → Signature Check → Accept/Reject

    📌 DNS Attack vs DNSSEC Protection

    • Attack: Fake response injected
    • DNSSEC: Signature verification blocks it

    🧾 13. Real-Life Examples

    • 🌐 Secure websites using DNSSEC-enabled domains
    • 🏦 Banks preventing fake website redirection
    • 📧 Email systems verifying domain authenticity
    • 🏢 Government websites using DNSSEC for protection

    📝 Likely Exam Questions

    1. Define DNS and its importance.
    2. What are common DNS security threats?
    3. Explain DNS spoofing and cache poisoning.
    4. What is DNSSEC?
    5. Explain working of DNSSEC with diagram.
    6. What are components of DNSSEC?
    7. Differentiate between DNS and DNSSEC.
    8. What are advantages and limitations of DNSSEC?
    9. How does DNSSEC prevent attacks?
    10. Write short notes on:
    • DNS hijacking
    • DNS tunneling
    • RRSIG and DNSKEY

    📌 Quick Summary / Conclusion

    • DNS translates domain names to IP addresses.
    • It is vulnerable to attacks like spoofing, hijacking, and DDoS.
    • DNS security focuses on integrity, authenticity, and availability.
    • DNSSEC adds cryptographic signatures to protect DNS data.
    • It ensures users reach the real and trusted website, not fake ones.

    👉 In short: DNSSEC strengthens DNS by adding digital signatures, preventing tampering and ensuring secure domain name resolution.


    Previous topic 10
    Antivirus Filtering
    Next topic 12
    IP security

    Past Papers

    Open this section to load past papers

    Click on Show Past Papers to see past papers.
    On This Page
      Reading Stats
      Est. reading time4 min
      Word count654
      Code examples0
      DifficultyBeginner