SIG resource record
Printer Friendly Format
Bookmark this page
Back to "Domain Name System"With SIG resource record and/or Signature resource record can be signed in the framework by DNSSEC (DNS Security) arbitrary resource record digitally. The SIG type is not any more the used and 2004 by the almost identical RRSIG resource record was replaced.
Background
A user, who receives to a DNS Request an answer (e.g. a IP address), cannot be not safe that the answer also really comes from a regular name server and that it was not falsified on the route of transportation. The solution is to sign resource record digitally.
A digital signature presupposes a publication IC key procedure. The name server, which is autoritativ as masters for an DNS entry, signs this with its private key. Resolvers can verifizeren the digital signature at any time, if they know the public key of the name server.
Structure
A SIG resource record consists of the following fields:
Name of the digitally signed RRsAktuelle TTL indicates, like for a long time this entry in the Cache to be held darfClass always INKEYTyp of the signed RR - e.g. A, LV, (1=MD5,2=Diffie-Hellman, 3=DSA) number of name components for Wildcard dissolution - sees to RFC 2535TTL at the time the signature start time starting from that the signature valid istEndzeitpunkt up to that the signature valid isteindeutige number over between several signatures to differentiation name signer-actual signatureExample
In this example a A-RR is digitally signed:
www.child.ex ample. 1285 IN A 1.2.3.15 www.child.ex ample. 1285 SIG (A; Type is A-RR 3; DSA Encryption 3; Name has 3 components 1285; Original TTL 20040327122207; Start time 20040226122207; End-time 22004; clear number child.example. ; Name of the signer BMTLR80WnKndatr77OirBtprR9SLKoZUiPWX U5kViDi+5amYW/GFCp0=)
Related links
- RFC 2535 - DNS Security Extension
Back to topArticles in category "SIG resource record"
We found here 6 articles.
S» SIG resource record» SOA resource record » SPF resource record » SRV resource record » Subdomain » SWITCH |
Related Websites
We found here 5 related websites.
- 2.3.1 The SIG Resource Record
The syntax of a SIG resource record (signature) is described in Section 4. It includes the type of the RR(s) being signed, the name of the signer, ... - 4. The SIG Resource Record
The SIG or "signature" resource record (RR) is the fundamental way that data is authenticated in the secure Domain Name System (DNS). ... - Net::DNS::RR::SIG - DNS SIG resource record - search.cpan.org
Class for DNS Address (SIG) resource records. In addition to the regular methods in the Net::DNS::RR the Class contains a method to sign RRsets using ... - Net::DNS::RR::SIG - DNS SIG resource record - search.cpan.org
Class for DNS Address (SIG) resource records. In addition to the regular methods in the Net::DNS::RR the Class contains a method to sign RRsets using ... - Zvon - RFC 2535 [Domain Name System Security Extensions] - The SIG ...
The SIG or "signature" resource record (RR) is the fundamental way that data is authenticated in the secure Domain Name System (DNS). ...
Index | Privacy | Terms Of Use | Sitemap | Feedback
