DNSSec Explained

Поделиться
HTML-код
  • Опубликовано: 22 авг 2024
  • In this video I diagrammatically show how DNSSec works. We’ll look at DNS functionality, DNS referrals, spoofing and man-in-the-middle attacks, asymmetric key cryptography (public key cryptography), digital signatures, zone signing keys, key signing keys, DS records, and more.

Комментарии • 59

  • @keerthisreenivaskonjety1897
    @keerthisreenivaskonjety1897 4 месяца назад +8

    I was looking up for your blog. RIP, you are making an impact event after you left this world! amazing explanation.

  • @pstz_800
    @pstz_800 20 дней назад

    Thank you, Daniel, nobody opened DNSSEC like you. Thanks a million ❤

  • @luislo01
    @luislo01 5 лет назад +4

    Terribly good explained. There are tons of videos pretending to explain DNSSec, yours do it for real!!! Very well done. Thanks a lot.

  • @chennaikidi
    @chennaikidi 5 лет назад +3

    Very well presented. Have seen a lot of content for DNSSec but havent found anything as clear and concise as this.

  • @rafafilho11
    @rafafilho11 3 года назад +1

    Great explanation, I lost some hours trying to understand the DNSSec and now, I got everything I need. Thanks for the good material.

  • @Protonumus
    @Protonumus 4 года назад +3

    Great job interpreting DNSSec for secure domains. Google's future prospects on the Internet include encryption - a secure connection (HTTPS) is required for all websites. Google has implemented unsafe warnings for domains. Google will block (HTTP) domains next year or so.

  • @thebpandey
    @thebpandey 6 лет назад +6

    This was great! Clear explanations.Thanks for taking the time to make this.

  • @Ali-ok8yn
    @Ali-ok8yn 3 года назад

    The best explanation of DNSSEC on youtube

  • @tomasplachy884
    @tomasplachy884 4 года назад +4

    This is a great video, but it would be even better, if you highlighted the parts you are currently talking about (since it is a bit difficoult to orientate in all the items).
    Anyway thanks for the explanation, it helped a lot.

  • @Pedro-fd9tv
    @Pedro-fd9tv Год назад

    Best video on the subject, thank you for the explanation.

  • @colunizator
    @colunizator 6 лет назад

    Yooo man
    You are the real MVP
    Current MCSA books don't give a thing about this terminology and explanation
    Edit:
    I don't have any DNS practice, and i was struggling understanding DNSSEC from 70-741 exam
    Thanks a lot

  • @nahdude2457
    @nahdude2457 5 лет назад

    A goog presentation does not make its presenter obsolete. This does!
    A more visually supportive presentation would have been miles better and easier to create.

  • @threeone6012
    @threeone6012 3 года назад

    Fantastic explanation!
    Somebody needs to put you in charge of something. You know what you're talking about.

  • @KartikGajaria
    @KartikGajaria Год назад

    Thanks for such a simple and clear explanation.

  • @dankierson
    @dankierson Месяц назад

    You have to study this to get it all but the gist of it is clear - DNSSEC makes it harder to hijack a web request by having domain name servers retain records for a domain that allow an independent server to validate it before the user connects with it.

  • @vinylshetty1
    @vinylshetty1 4 года назад +1

    very good video. cleared the concept . cloudflare also has some good articles / blogs written on dnssec and complexities it brings in.this video and those blogs should be good starting point for everyone

  • @fantuznet
    @fantuznet 6 лет назад +2

    bravo! clear, quick, intense. interetesting !

  • @123norway
    @123norway Год назад

    A very clear explanation! Thank you good sir!

  • @alientezam18
    @alientezam18 4 года назад +1

    Very well explained. Thank you !!!

  • @pear7777
    @pear7777 11 месяцев назад

    "Who needs it?" "Everyone!"

  • @PETAJOULE543
    @PETAJOULE543 5 лет назад

    Motivation of DNSSEC and also its detailed explanation. Also, the difference between iterative and recursive dns queries.

  • @peterc.7841
    @peterc.7841 Год назад

    Thanks so much, very helpful. If it's still completely valid, you may want to upload it afresh, to have a newer date.

  • @saraibrown9649
    @saraibrown9649 3 года назад

    Great video but I would recommend raising the volume a bit. I struggled to hear you even with my volume all the way up. I appreciate the effort regardless!

  • @hamidullahmuslih6301
    @hamidullahmuslih6301 4 года назад +2

    thank you sooooo much that was awesome

  • @sheikhbaseer3799
    @sheikhbaseer3799 4 года назад

    Awesome Explanation...Kudos.

  • @allanjoarder27
    @allanjoarder27 8 лет назад +1

    Thank you for the awesome explanation!

  • @emiltarandash5056
    @emiltarandash5056 6 лет назад +8

    Very complicated explanation, not so clear. Lacks some real examples including real keys and records. Too theoretical

  • @faazk
    @faazk 7 лет назад +1

    Does this mean dnssec is not depended on HTTPS digital signatures? so digital signatures we receive on HTTPS are different to digital certificate of DNSSEC?

  • @artistsingerwriterproducer8288
    @artistsingerwriterproducer8288 18 дней назад

    Is it good or bad for an exclusive life?

  • @GoldenGecko
    @GoldenGecko 2 года назад

    good stuff

  • @IPv6people
    @IPv6people 2 года назад

    Thanks indeed for this explanation. DNSSEC still does not give the impression of a simple system. Could that be the reason for the limited implementation?

  • @CyberJuke5
    @CyberJuke5 5 месяцев назад

    If there's a malicious server pretending to be the original one, isn't there a way to know the difference between them, for example, in the URL?

  • @fbifido2
    @fbifido2 6 лет назад +1

    @9:02 why not just encrypt the request with the root pubksk, then send it to the root server, with your own public-key?

  • @Valdemore4
    @Valdemore4 3 года назад

    Great video

  • @jpdstan
    @jpdstan 7 лет назад +3

    Very well made slides! Although I don't really think there's a point to making this a video/narrating over it if you just read completely off the slides.

  • @ianporter9740
    @ianporter9740 3 года назад

    "special shoutout to al gore" omegalul xDD

  • @asheesha68
    @asheesha68 2 года назад

    Very nice presentation.. but perhaps you forgot to explain what is DNSKey

  • @cloudbuddytechsource8532
    @cloudbuddytechsource8532 3 года назад

    Daniel, can you please share the reference/blog links.
    your information really helped a lot. Great work 👍

  • @preetidutta5660
    @preetidutta5660 6 лет назад

    Awesome slides Daniel

  • @v1rtu4l
    @v1rtu4l 7 лет назад +3

    on 4:05 your picture says that Jamie Lee does decrypt a digest encrypted by Arnolds private key by using Arnold's public key. By definition you can not decrypt with a public Key. i think you meant that Jamie Lee does encrypt the hash of the sent document and then compare that to the send encrypted digest. am i right ?

    • @Sevlowwolf
      @Sevlowwolf 6 лет назад

      I'm a little confused by this question. in asymmetrical cryptography you encrypt something using your own private key, then can send it to whomever you like and include your public key. In the example Jamie Lee can then run his own hash on the document, and run another hash on the decrypted digest using the public key and if they both match, this ensures integrity.

    • @pazi95
      @pazi95 6 лет назад +1

      I think the correct terminology should have been that Arnold generates a digital signature using his private key, and then Jamie Lee verifies that signature using Arnold's public key. For encryption, the key pair would be used the opposite way, the public key is used to encrypt which can then be decrypted using the private key.

  • @valentecaio
    @valentecaio 3 года назад

    thanks a lot!

  • @fbifido2
    @fbifido2 6 лет назад

    why can't the Root zone, be the one to comunicate to the TLD, then the TLD comminicate with the DBL zone, all using dnssec, then the root reply with the correct answer?

    • @Stilgarsan
      @Stilgarsan 6 лет назад +1

      This would put extra strain on the root servers. The DNS protocol is designed to avoid such things.

  • @quadraticfunction8045
    @quadraticfunction8045 4 года назад

    Good attempt and appreciate your effort , BUT the font on slides is so hard to read and wrong colour scheme used for the diagrams.

  • @TheHynky
    @TheHynky 7 лет назад +1

    Great video even dummy as me got it.

  • @miriyalajeevankumar5449
    @miriyalajeevankumar5449 5 лет назад

    DNS sec starts at ruclips.net/video/_8M_vuFcdZU/видео.html

  • @bevo260578
    @bevo260578 3 года назад

    cool

  • @fbifido2
    @fbifido2 6 лет назад

    very low volume+++++++++++

  • @mcnogard1552
    @mcnogard1552 7 лет назад

    (deleted)

    • @mcnogard1552
      @mcnogard1552 7 лет назад

      3:24 I disagree with this. If Arnold hash using Arnolds private key, then everyone can decrypt Arnolds message with Arnolds public key.

    • @mcnogard1552
      @mcnogard1552 7 лет назад

      What should have happened is that Arnold use Jamie Lee's public key to hash his message, then Jamie Lee can open the message with his private key. But nobody else can see the message.

    • @danielbenway6599
      @danielbenway6599  7 лет назад +2

      I’m afraid you’re incorrect. If you do a little bit more research, I think you’ll see why.It seems that you might be confusing the asymmetric key encryption (public key encryption) of a document with the digital signing of a document.Next, consider the following thought experiment: if Arnold wanted to digitally sign an unencrypted document and then give it to millions of different recipients, how would he sign that document?Lastly, I prefer to answer these questions on my blog.Thanks, and have a great day!

    • @mcnogard1552
      @mcnogard1552 7 лет назад

      So DNSsec is not using RSA for signing?

  • @dahomie1620
    @dahomie1620 2 года назад

    Awesome thanks for helping my understand dnssec better!