{"id":943,"date":"2021-09-15T14:04:35","date_gmt":"2021-09-15T06:04:35","guid":{"rendered":"https:\/\/choson_steven.lifenet.com.tw\/?p=943"},"modified":"2023-03-29T16:01:26","modified_gmt":"2023-03-29T08:01:26","slug":"dns-%e5%ae%89%e5%85%a8%e6%93%b4%e5%b1%95-dnssec","status":"publish","type":"post","link":"https:\/\/choson.lifenet.com.tw\/?p=943","title":{"rendered":"DNS \u5b89\u5168\u64f4\u5c55 (DNSSEC)"},"content":{"rendered":"\n

\"https:\/\/ithelp.ithome.com.tw\/upload\/images\/20210915\/20132160uMqakJgDrS.jpg\"
-DNSSEC \u8cc7\u6e90\u8a18\u9304\uff08\u4f86\u6e90\uff1aInfoBlox<\/a>\uff09
DNSSEC\u4f7f\u7528\u6578\u5b57\u7c3d\u540d\u78ba\u4fddDNS \u6578\u64da\u7684\u5b8c\u6574\u6027\uff0c\u800c DNS over HTTPS (DoH) \u6216 DNS over TLS (DoT) \u4fdd\u8b77\u6a5f\u5bc6\u6027\u3002
\u4ee5\u4e0b\u662f\u4e00\u4e9b\u6700\u91cd\u8981\u7684 DNSSEC \u8cc7\u6e90\u8a18\u9304 (RR)\uff1a
. DS\uff08\u59d4\u8a17\u7c3d\u540d\u8005\uff09
. DNSKEY\uff08DNS \u516c\u9470\uff09
. RRSIG\uff08\u8cc7\u6e90\u8a18\u9304\u7c3d\u540d\uff09
\"https:\/\/ithelp.ithome.com.tw\/upload\/images\/20210915\/201321608gOmwhiDvP.png\"
DS\uff08\u59d4\u8a17\u7c3d\u540d\u8005\uff09
DS RR \u5305\u542b\u5b50\u5340\u57df KSK \u7684\u54c8\u5e0c\u503c\uff0c\u53ef\u7528\u4f5c\u67d0\u4e9b\u5177\u6709\u5b89\u5168\u610f\u8b58\u7684\u89e3\u6790\u5668\u4e2d\u7684\u4fe1\u4efb\u9328\uff0c\u4e26\u70ba DNS \u670d\u52d9\u5668\u4e2d\u7684\u7c3d\u540d\u5b50\u5340\u57df\u5275\u5efa\u5b89\u5168\u59d4\u6d3e\u9ede\u3002\u5982\u5716 22.1 \u6240\u793a\uff0c\u7236\u5340\u57df corpxyz.com \u4e2d\u7684 DS RR \u5305\u542b\u5b50\u5340\u57df sales.corpxyz.com \u7684 KSK \u7684\u54c8\u5e0c\u503c\uff0c\u800c\u5b50\u5340\u57df sales.corpxyz.com \u7684 DS \u8a18\u9304\u53c8\u5305\u542b\u5176\u5b50\u5340\u57df\u7684 KSK \u7684\u54c8\u5e0c\u503c, nw.sales.corpxyz.com\u3002
-\u8cc7\u6599\u4f86\u6e90\uff1aInfoBlox<\/a><\/p>\n\n\n\n

DNSKEY\uff08DNS \u516c\u9470\uff09
\u7576\u6b0a\u5a01\u540d\u7a31\u670d\u52d9\u5668\u5c0d\u5340\u57df\u9032\u884c\u6578\u5b57\u7c3d\u540d\u6642\uff0c\u5b83\u901a\u5e38\u6703\u751f\u6210\u5169\u500b\u5bc6\u9470\u5c0d\uff0c\u4e00\u500b\u5340\u57df\u7c3d\u540d\u5bc6\u9470 (ZSK) \u5c0d\u548c\u4e00\u500b\u5bc6\u9470\u7c3d\u540d\u5bc6\u9470 (KSK) \u5c0d\u3002
\u540d\u7a31\u670d\u52d9\u5668\u4f7f\u7528ZSK \u5c0d\u7684\u79c1\u9470\u5c0d\u5340\u57df\u4e2d\u7684\u6bcf\u500b RRset \u9032\u884c\u7c3d\u540d\u3002\uff08RRset \u662f\u4e00\u7d44\u5177\u6709\u76f8\u540c\u6240\u6709\u8005\u3001\u985e\u5225\u548c\u985e\u578b\u7684\u8cc7\u6e90\u8a18\u9304\u3002\uff09\u5b83\u5c07 ZSK \u5c0d\u7684\u516c\u9470\u5b58\u5132\u5728 DNSKEY \u8a18\u9304\u4e2d\u3002
\u7136\u5f8c\u540d\u7a31\u670d\u52d9\u5668\u4f7f\u7528KSK \u5c0d\u7684\u79c1\u9470\u5c0d\u6240\u6709 DNSKEY \u8a18\u9304\u9032\u884c\u7c3d\u540d\uff0c\u5305\u62ec\u5b83\u81ea\u5df1\u7684\u8a18\u9304\uff0c\u4e26\u5c07\u76f8\u61c9\u7684\u516c\u9470\u5b58\u5132\u5728\u53e6\u4e00\u500b DNSKEY \u8a18\u9304\u4e2d\u3002
\u56e0\u6b64\uff0c\u4e00\u500b\u5340\u57df\u901a\u5e38\u6709\u5169\u500b DNSKEY \u8a18\u9304\uff1b\u4fdd\u5b58 ZSK \u5c0d\u516c\u9470\u7684 DNSKEY \u8a18\u9304\uff0c\u4ee5\u53ca KSK \u5c0d\u516c\u9470\u7684\u53e6\u4e00\u500b DNSKEY \u8a18\u9304\u3002
\u8cc7\u6599\u4f86\u6e90\uff1aInfoBlox<\/a><\/p>\n\n\n\n

R RSIG\uff08\u8cc7\u6e90\u8a18\u9304\u7c3d\u540d\uff09
\u4e00\u500b\u7c3d\u540d\u5340\u57df\u6709\u591a\u500b RRset\uff0c\u6bcf\u500b\u8a18\u9304\u985e\u578b\u548c\u6240\u6709\u8005\u540d\u7a31\u4e00\u500b\u3002\uff08\u6240\u6709\u8005\u662fRRset \u7684\u57df\u540d\u3002\uff09\u7576\u6b0a\u5a01\u540d\u7a31\u670d\u52d9\u5668\u4f7f\u7528ZSK \u5c0d\u7684\u79c1\u9470\u5c0d\u5340\u57df\u4e2d\u7684\u6bcf\u500bRRset \u9032\u884c\u7c3d\u540d\u6642\uff0c\u6bcf\u500bRRset \u4e0a\u7684\u6578\u5b57\u7c3d\u540d\u90fd\u5b58\u5132\u5728RRSIG \u8a18\u9304\u4e2d\u3002\u56e0\u6b64\uff0c\u7c3d\u540d\u5340\u57df\u5305\u542b\u6bcf\u500b RRset \u7684 RRSIG \u8a18\u9304\u3002
\u8cc7\u6599\u4f86\u6e90\uff1aInfoBlox<\/a><\/p>\n\n\n\n

\u53c3\u8003
DNSSEC \u2013 \u56de\u9867<\/a>
DNSSEC \u2013 \u5b83\u662f\u4ec0\u9ebc\u4ee5\u53ca\u70ba\u4ec0\u9ebc\u91cd\u8981\uff1f<\/a>
\u57df\u540d\u7cfb\u7d71\u5b89\u5168\u64f4\u5c55<\/a>
DNSSEC \u7684\u5de5\u4f5c\u539f\u7406<\/a>
DNSSEC\uff1a\u5b83\u7684\u5de5\u4f5c\u539f\u7406\u548c\u4e3b\u8981\u8003\u616e\u56e0\u7d20<\/a>
RFC 4033\uff1aDNS \u5b89\u5168\u4ecb\u7d39\u548c\u8981\u6c42<\/a>
RFC 4034\uff1aDNS \u5b89\u5168\u64f4\u5c55\u7684\u8cc7\u6e90\u8a18\u9304<\/a>
RFC 4035\uff1aDNS \u5b89\u5168\u64f4\u5c55\u7684\u5354\u8b70\u4fee\u6539<\/a>
\u57fa\u65bc HTTPS \u7684 DNS<\/a>
\u5982\u4f55\u914d\u7f6e DoT\/DoH<\/a>
DNSKEY \u8cc7\u6e90\u8a18\u9304<\/a><\/p>\n\n\n\n

\u8cc7\u6599\u4f86\u6e90\uff1a\u00a0Wentz Wu QOTD-20210809<\/a><\/p>\n\n\n\n

PS:\u6b64\u6587\u7ae0\u7d93\u904e\u4f5c\u8005\u540c\u610f\u520a\u767b \u4e26\u4e14\u6388\u6b0a\u53ef\u4ee5\u7ffb\u8b6f\u6210\u4e2d\u6587<\/p>\n","protected":false},"excerpt":{"rendered":"

-DNSSEC \u8cc7\u6e90\u8a18\u9304\uff08\u4f86\u6e90\uff1aInfoBlox\uff09DNSSEC\u4f7f\u7528\u6578\u5b57\u7c3d\u540d\u78ba\u4fddDNS \u6578\u64da\u7684\u5b8c\u6574\u6027\uff0c\u800c DNS […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-943","post","type-post","status-publish","format-standard","hentry","category-cisspcertified-information-systems-security-professional"],"_links":{"self":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/943","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=943"}],"version-history":[{"count":2,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/943\/revisions"}],"predecessor-version":[{"id":2809,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/943\/revisions\/2809"}],"wp:attachment":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=943"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=943"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=943"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}