Operating Instructions and Installation Instructions
DNSSEC: Security for DNS Queries
51
Support with the FRITZ!Box
The FRITZ!Box supports DNSSEC queries over UDP.
The FRITZ!Box has a DNS proxy. The computers in the home
network use the FRITZ!Box as a DNS server. The FRITZ!Box for-
wards DNSSEC queries from the home network to the Inter-
net. The FRITZ!Box forwards DNSSEC responses from the In-
ternet to the home network.The DNSSEC information must be
validated on the computer in the home network. For this DNS-
SEC must be supported in the operating system.
Security with DNSSEC
When a home user surfs the web, she or he sends queries to
the Internet by entering URLs in the address line of his browser.
A URL is the name of a web site that is easy to remember, such
as avm.de/en
. Every query is sent to the DNS server first. The
DNS server resolves the URL into the corresponding IP address.
There is one unambiguous IP address for every URL.
The home user relies on the authenticity of the IP address re-
turned by the DNS server. Authentic means that the response
is the IP address of the desired web site, and not a faked IP
address that leads to a fake web site. DNSSEC can ensure that
the returned addresses are authentic.
FB6840LTE-e2.fm Seite 51 Dienstag, 29. Mai 2012 5:34 17