What is Linux dnssec

Linux dnssec refers to domain name system security extensions, and its full English name is "DNS Security Extensions"; turning on DNSSEC can effectively prevent attacks such as DNS spoofing and cache pollution. It uses digital signatures to ensure DNS response messages The authenticity and integrity can protect users from being redirected to unexpected addresses, thereby improving users' trust in the Internet and protecting core businesses.

#The operating environment of this tutorial: linux5.9.8 system, Dell G3 computer.

What is Linux dnssec?

Domain name system security extensions (DNS Security Extensions), referred to as DNSSEC. Turning on DNSSEC can effectively prevent attacks such as DNS spoofing and cache pollution. It uses digital signatures to ensure the authenticity and integrity of DNS response messages. It can protect users from being redirected to unexpected addresses, thereby improving users' trust in the Internet and protecting your core business.

Notes on using DNSSEC:

DNSSEC is currently open to paid DNS users (no version restrictions).

If you use the subdomain name to independently host the DNS function, turning on DNSSEC is not supported.

When using the secondary DNS function, turning on DNSSEC is not supported.

When the DNS paid version expires, if you no longer plan to use the DNS paid version, you must first go to the domain name registrar to delete the DS record, and then turn off DNSSEC in the Cloud DNS DNS console to avoid resolution failures.

When the DNSSEC service is turned on and the "transfer between domain name accounts" function is used, which means to transfer the domain name from account A to account B, you need to first delete the DS record at the domain name registrar, and then go to the cloud resolution DNS console Turn off DNSSEC to avoid resolution failures.

When the DNSSEC service is turned on and the "Cross-account transfer DNS resolution" function is used, it means to transfer the domain name DNS resolution from account A to account B. You need to first delete the DS record at the domain name registrar, and then transfer it to the cloud resolution Turn off DNSSEC in the DNS console to avoid resolution failures.

The DNSSEC service has been turned on. When using the "unbind domain name" function, you need to go to the domain name registrar to delete the DS record first, and then turn off DNSSEC in the Cloud DNS DNS console to avoid resolution failure.

The DNSSEC function requires both the domain name resolution service provider and the domain name registrar to support DNSSEC before it can take effect. Currently, both Cloud Resolution DNS and Alibaba Cloud domain name registrar support this service.

Recommended learning: "linux video tutorial"

The above is the detailed content of What is Linux dnssec. For more information, please follow other related articles on the PHP Chinese website!