도메인 도움말

What is the DNSSEC chain of trust?

The DNSSEC (Domain Name System Security Extensions) chain of trust is a verified electronic signature, or handshake, at each DNS lookup node. In other words, it is a chain of lookups validated by the domain name's digital signature that secures the request through all lookup nodes. This ensures that no rogue or illicit player can slip into the lookup path and redirect the lookup to a bogus site.

Here's an example of using your browser to visit coolexample.org:

  1. Your lookup request goes to the domain name's root server and asks for the location of .org domain names. The root server, which is DNSSEC-aware, indicates the registry for .org domain extensions, PIR.
  2. The lookup asks PIR, the .org domain name registry and currently DNSSEC-aware, for the location of coolexample.org.
  3. PIR points the lookup to the authoritative DNS server for coolexample.org. This authoritative nameserver must also be DNSSEC-aware to continue the chain.
  4. The authoritative DNS server provides the requested address to you and your computer.

From your local computer to the authoritative nameserver for the requested URL and back, a digital signature (or handshake) at each node insures that your request provides the website you requested and that the request is not intercepted by rogue operators along the way.


이 글이 도움되었나요?
피드백을 보내주셔서 감사합니다. 고객 서비스 담당자에게 문의하시려면 지원 전화 번호 또는 위의 채팅 옵션을 이용하시기 바랍니다.
도와드릴 수 있어 기쁩니다! 더 도와 드릴 것이 있나요?
그것 유감스럽습니다. 혼동이 되었던 사항 또는 솔루션이 고객님의 문제를 해결하지 못했던 원인을 알려주세요.