Homepage tabWindows tabGames tabDrivers tabMac tabLinux tabScripts buttonMobile tabHandheld tabGadgets tabNews tab


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Microsoft / Windows

Windows

Windows 7 Domain Name System

More than just basic support for the DNS Security Extensions (DNSSEC)

By Marius Oiaga, Technology News Editor

12th of November 2008, 18:41 GMT

Adjust text size:


Windows 7 comes with more than just basic support for the DNS Security Extensions (DNSSEC)
Enlarge picture
Windows 7 and Windows 7 Server (Windows Server 2008 R2) are due to come, bringing to the table enhancements designed to increase the security of Domain Name System (DNS) infrastructures. In this regard, DNS Security Extensions (DNSSEC) proposes a solution for delivering increased protection. Testing DNSSEC at this point in time is rather simple, since Microsoft made available the bits for Windows 7 pre-Beta Build 6801 at the Professional Developers Conference 2008 and at the Windows Hardware Engineering Conference 2008.

“DNSSEC is a suite of security extensions to the DNS, which provide origin authority, data integrity and authenticated denial of existence. Putting that in plain English, DNSSEC allows for a DNS zone to be cryptographically signed (which produces digital signatures), and provides a mechanism for validating the authenticity of the data received using these digital signatures. Validating resolvers and servers must be pre-configured with a Trust Anchor, using which a ‘chain of trust’ will be established to the signed zone. Data from this signed zone can then be validated,” explained Shyam Seshadri, program manager, Windows Core Networking.

Seshadri refers to the Windows 7 DNS client as a non-validating security-aware stub resolver. This means that, in the successor of Windows Vista, the DNS client is intimately connected with the DNS server. Because the client is unable of performing DNSSEC validation on its own, it has to turn to the server for this specific task.

“One positive side-effect of this is that Trust Anchors do not need to be configured on the clients, thus saving a big chunk of the deployment burden. It is, however, security-aware, so it will expect the configured DNS server to indicate results of the validation when returning the response. This is done so by setting the ‘AD’ bit in the response. If the DNS server failed to validate successfully (indicated by the AD bit not being set in the response), the DNS client will fail the query,” Seshadri added.

In its turn, the DNS server is not only capable of generating keys, but also of taking advantage of a sign-tool in order to sign DNS zones.

TAGS:

 Windows 7 | DNS | DNSSEC
Read by 2,448 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
NOT RATED 0 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Microsoft Windows Mobile 6.1.4 Emulator Images

Download Free Windows Essential Business Server 2008 Standard

Leaked Windows 7 Ultimate Pre-Beta Build 6801 Activation Keys Available

MeshPack: Applications for Live Mesh

Windows 7 User Interface and Interaction

Download Free Windows Server 2008 Evaluation Virtual Hard Drive Images

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive