Specifications
DNSSEC: Security for DNS Queries
41
8.7 DNSSEC: Security for DNS Queries
DNSSEC is short for Domain Name System Security Exten-
sions. As the name says, this is an extension of DNS, the do-
main name system.
DNSSEC ensures that both the DNS server and the informa-
tion returned by the DNS server are authentic, or genuine.
Support with the FRITZ!Box
The FRITZ!Box supports DNSSEC queries over UDP.
The FRITZ!Box has a DNS proxy. The computers in the home
network use the FRITZ!Box as a DNS server. The FRITZ!Box for-
wards DNSSEC queries from the home network to the Inter-
net. The FRITZ!Box forwards DNSSEC responses from the
Internet to the home network.The DNSSEC information must
be validated on the computer in the home network. For this
DNSSEC must be supported in the operating system.
Security with DNSSEC
When a home user surfs the web, she or he sends queries to
the Internet by entering URLs in the address line of his brows-
er. A URL is the name of a web site that is easy to remember,
such as avm.de/en
. Every query is sent to the DNS server
first. The DNS server resolves the URL into the corresponding
IP address. There is one unambiguous IP address for every
URL.
The home user relies on the authenticity of the IP address re-
turned by the DNS server. Authentic means that the response
is the IP address of the desired web site, and not a faked IP
address that leads to a fake web site. DNSSEC can ensure that
the returned addresses are authentic.
FRITZ!Box 3270-en.fm Seite 41 Mittwoch, 14. März 2012 2:44 14