DNSSec Explained
Ғылым және технология
In this video I diagrammatically show how DNSSec works. We’ll look at DNS functionality, DNS referrals, spoofing and man-in-the-middle attacks, asymmetric key cryptography (public key cryptography), digital signatures, zone signing keys, key signing keys, DS records, and more.
Пікірлер: 57
I was looking up for your blog. RIP, you are making an impact event after you left this world! amazing explanation.
Very well presented. Have seen a lot of content for DNSSec but havent found anything as clear and concise as this.
Terribly good explained. There are tons of videos pretending to explain DNSSec, yours do it for real!!! Very well done. Thanks a lot.
Great explanation, I lost some hours trying to understand the DNSSec and now, I got everything I need. Thanks for the good material.
This was great! Clear explanations.Thanks for taking the time to make this.
bravo! clear, quick, intense. interetesting !
The best explanation of DNSSEC on youtube
Thank you for the awesome explanation!
Very well explained. Thank you !!!
Yooo man You are the real MVP Current MCSA books don't give a thing about this terminology and explanation Edit: I don't have any DNS practice, and i was struggling understanding DNSSEC from 70-741 exam Thanks a lot
Best video on the subject, thank you for the explanation.
A very clear explanation! Thank you good sir!
Great job interpreting DNSSec for secure domains. Google's future prospects on the Internet include encryption - a secure connection (HTTPS) is required for all websites. Google has implemented unsafe warnings for domains. Google will block (HTTP) domains next year or so.
Thanks for such a simple and clear explanation.
very good video. cleared the concept . cloudflare also has some good articles / blogs written on dnssec and complexities it brings in.this video and those blogs should be good starting point for everyone
This is a great video, but it would be even better, if you highlighted the parts you are currently talking about (since it is a bit difficoult to orientate in all the items). Anyway thanks for the explanation, it helped a lot.
Awesome Explanation...Kudos.
Motivation of DNSSEC and also its detailed explanation. Also, the difference between iterative and recursive dns queries.
Does this mean dnssec is not depended on HTTPS digital signatures? so digital signatures we receive on HTTPS are different to digital certificate of DNSSEC?
Awesome slides Daniel
@9:02 why not just encrypt the request with the root pubksk, then send it to the root server, with your own public-key?
Thanks indeed for this explanation. DNSSEC still does not give the impression of a simple system. Could that be the reason for the limited implementation?
thank you sooooo much that was awesome
Daniel, can you please share the reference/blog links. your information really helped a lot. Great work 👍
Fantastic explanation! Somebody needs to put you in charge of something. You know what you're talking about.
If there's a malicious server pretending to be the original one, isn't there a way to know the difference between them, for example, in the URL?
Great video
A goog presentation does not make its presenter obsolete. This does! A more visually supportive presentation would have been miles better and easier to create.
why can't the Root zone, be the one to comunicate to the TLD, then the TLD comminicate with the DBL zone, all using dnssec, then the root reply with the correct answer?
@Stilgarsan
5 жыл бұрын
This would put extra strain on the root servers. The DNS protocol is designed to avoid such things.
good stuff
thanks a lot!
Great video even dummy as me got it.
Great video but I would recommend raising the volume a bit. I struggled to hear you even with my volume all the way up. I appreciate the effort regardless!
Thanks so much, very helpful. If it's still completely valid, you may want to upload it afresh, to have a newer date.
on 4:05 your picture says that Jamie Lee does decrypt a digest encrypted by Arnolds private key by using Arnold's public key. By definition you can not decrypt with a public Key. i think you meant that Jamie Lee does encrypt the hash of the sent document and then compare that to the send encrypted digest. am i right ?
@Sevlowwolf
6 жыл бұрын
I'm a little confused by this question. in asymmetrical cryptography you encrypt something using your own private key, then can send it to whomever you like and include your public key. In the example Jamie Lee can then run his own hash on the document, and run another hash on the decrypted digest using the public key and if they both match, this ensures integrity.
@pazi95
6 жыл бұрын
I think the correct terminology should have been that Arnold generates a digital signature using his private key, and then Jamie Lee verifies that signature using Arnold's public key. For encryption, the key pair would be used the opposite way, the public key is used to encrypt which can then be decrypted using the private key.
"Who needs it?" "Everyone!"
Very well made slides! Although I don't really think there's a point to making this a video/narrating over it if you just read completely off the slides.
You have to study this to get it all but the gist of it is clear - DNSSEC makes it harder to hijack a web request by having domain name servers retain records for a domain that allow an independent server to validate it before the user connects with it.
Very nice presentation.. but perhaps you forgot to explain what is DNSKey
cool
"special shoutout to al gore" omegalul xDD
Good attempt and appreciate your effort , BUT the font on slides is so hard to read and wrong colour scheme used for the diagrams.
DNS sec starts at kzread.info/dash/bejne/kWyBwdiudsbKirg.html
very low volume+++++++++++
(deleted)
@mcnogard1552
7 жыл бұрын
3:24 I disagree with this. If Arnold hash using Arnolds private key, then everyone can decrypt Arnolds message with Arnolds public key.
@mcnogard1552
7 жыл бұрын
What should have happened is that Arnold use Jamie Lee's public key to hash his message, then Jamie Lee can open the message with his private key. But nobody else can see the message.
@danielbenway6599
7 жыл бұрын
I’m afraid you’re incorrect. If you do a little bit more research, I think you’ll see why.It seems that you might be confusing the asymmetric key encryption (public key encryption) of a document with the digital signing of a document.Next, consider the following thought experiment: if Arnold wanted to digitally sign an unencrypted document and then give it to millions of different recipients, how would he sign that document?Lastly, I prefer to answer these questions on my blog.Thanks, and have a great day!
@mcnogard1552
7 жыл бұрын
So DNSsec is not using RSA for signing?
Very complicated explanation, not so clear. Lacks some real examples including real keys and records. Too theoretical
Awesome thanks for helping my understand dnssec better!