DNSSec Explained

No video

DNSSec Explained

Рет қаралды 72,020

8 жыл бұрын

In this video I diagrammatically show how DNSSec works. We’ll look at DNS functionality, DNS referrals, spoofing and man-in-the-middle attacks, asymmetric key cryptography (public key cryptography), digital signatures, zone signing keys, key signing keys, DS records, and more.

Пікірлер: 57

@keerthisreenivaskonjety1897 4 ай бұрын

I was looking up for your blog. RIP, you are making an impact event after you left this world! amazing explanation.

@luislo01 5 жыл бұрын

Terribly good explained. There are tons of videos pretending to explain DNSSec, yours do it for real!!! Very well done. Thanks a lot.

@chennaikidi 5 жыл бұрын

Very well presented. Have seen a lot of content for DNSSec but havent found anything as clear and concise as this.

@rafafilho11 3 жыл бұрын

Great explanation, I lost some hours trying to understand the DNSSec and now, I got everything I need. Thanks for the good material.

@thebpandey 6 жыл бұрын

This was great! Clear explanations.Thanks for taking the time to make this.

@fantuznet 6 жыл бұрын

bravo! clear, quick, intense. interetesting !

@Ali-ok8yn 3 жыл бұрын

The best explanation of DNSSEC on youtube

@allanjoarder27 8 жыл бұрын

Thank you for the awesome explanation!

@alientezam18 4 жыл бұрын

Very well explained. Thank you !!!

@Pedro-fd9tv Жыл бұрын

Best video on the subject, thank you for the explanation.

@Protonumus 4 жыл бұрын

Great job interpreting DNSSec for secure domains. Google's future prospects on the Internet include encryption - a secure connection (HTTPS) is required for all websites. Google has implemented unsafe warnings for domains. Google will block (HTTP) domains next year or so.

@123norway Жыл бұрын

A very clear explanation! Thank you good sir!

@KartikGajaria Жыл бұрын

Thanks for such a simple and clear explanation.

@colunizator 6 жыл бұрын

Yooo man You are the real MVP Current MCSA books don't give a thing about this terminology and explanation Edit: I don't have any DNS practice, and i was struggling understanding DNSSEC from 70-741 exam Thanks a lot

@tomasplachy884 4 жыл бұрын

This is a great video, but it would be even better, if you highlighted the parts you are currently talking about (since it is a bit difficoult to orientate in all the items). Anyway thanks for the explanation, it helped a lot.

@sheikhbaseer3799 4 жыл бұрын

Awesome Explanation...Kudos.

@vinylshetty1 4 жыл бұрын

very good video. cleared the concept . cloudflare also has some good articles / blogs written on dnssec and complexities it brings in.this video and those blogs should be good starting point for everyone

@preetidutta5660 6 жыл бұрын

Awesome slides Daniel

@hamidullahmuslih6301 4 жыл бұрын

thank you sooooo much that was awesome

@faazk 7 жыл бұрын

Does this mean dnssec is not depended on HTTPS digital signatures? so digital signatures we receive on HTTPS are different to digital certificate of DNSSEC?

@threeone6012 3 жыл бұрын

Fantastic explanation! Somebody needs to put you in charge of something. You know what you're talking about.

@cloudbuddytechsource8532 2 жыл бұрын

Daniel, can you please share the reference/blog links. your information really helped a lot. Great work 👍

@CyberJuke5 5 ай бұрын

If there's a malicious server pretending to be the original one, isn't there a way to know the difference between them, for example, in the URL?

@PETAJOULE543 5 жыл бұрын

Motivation of DNSSEC and also its detailed explanation. Also, the difference between iterative and recursive dns queries.

@fbifido2 6 жыл бұрын

@9:02 why not just encrypt the request with the root pubksk, then send it to the root server, with your own public-key?

@IPv6people 2 жыл бұрын

Thanks indeed for this explanation. DNSSEC still does not give the impression of a simple system. Could that be the reason for the limited implementation?

@Valdemore4 2 жыл бұрын

Great video

@nahdude2457 5 жыл бұрын

A goog presentation does not make its presenter obsolete. This does! A more visually supportive presentation would have been miles better and easier to create.

@GoldenGecko 2 жыл бұрын

good stuff

@valentecaio 3 жыл бұрын

thanks a lot!

@saraibrown9649 3 жыл бұрын

Great video but I would recommend raising the volume a bit. I struggled to hear you even with my volume all the way up. I appreciate the effort regardless!

@peterc.7841 Жыл бұрын

Thanks so much, very helpful. If it's still completely valid, you may want to upload it afresh, to have a newer date.

@pear7777 10 ай бұрын

"Who needs it?" "Everyone!"

@TheHynky 7 жыл бұрын

Great video even dummy as me got it.

@fbifido2 6 жыл бұрын

why can't the Root zone, be the one to comunicate to the TLD, then the TLD comminicate with the DBL zone, all using dnssec, then the root reply with the correct answer?

@Stilgarsan 5 жыл бұрын

This would put extra strain on the root servers. The DNS protocol is designed to avoid such things.

@dankierson Ай бұрын

You have to study this to get it all but the gist of it is clear - DNSSEC makes it harder to hijack a web request by having domain name servers retain records for a domain that allow an independent server to validate it before the user connects with it.

@asheesha68 2 жыл бұрын

Very nice presentation.. but perhaps you forgot to explain what is DNSKey

@jpdstan 7 жыл бұрын

Very well made slides! Although I don't really think there's a point to making this a video/narrating over it if you just read completely off the slides.

@bevo260578 3 жыл бұрын

cool

@v1rtu4l 7 жыл бұрын

on 4:05 your picture says that Jamie Lee does decrypt a digest encrypted by Arnolds private key by using Arnold's public key. By definition you can not decrypt with a public Key. i think you meant that Jamie Lee does encrypt the hash of the sent document and then compare that to the send encrypted digest. am i right ?

@Sevlowwolf 6 жыл бұрын

I'm a little confused by this question. in asymmetrical cryptography you encrypt something using your own private key, then can send it to whomever you like and include your public key. In the example Jamie Lee can then run his own hash on the document, and run another hash on the decrypted digest using the public key and if they both match, this ensures integrity.

@pazi95 6 жыл бұрын

I think the correct terminology should have been that Arnold generates a digital signature using his private key, and then Jamie Lee verifies that signature using Arnold's public key. For encryption, the key pair would be used the opposite way, the public key is used to encrypt which can then be decrypted using the private key.

@ianporter9740 3 жыл бұрын

"special shoutout to al gore" omegalul xDD

@quadraticfunction8045 4 жыл бұрын

Good attempt and appreciate your effort , BUT the font on slides is so hard to read and wrong colour scheme used for the diagrams.

@miriyalajeevankumar5449 5 жыл бұрын

DNS sec starts at kzbin.info/www/bejne/lWmwkKmre8iXkLc

@fbifido2 6 жыл бұрын

very low volume+++++++++++

@mcnogard1552 7 жыл бұрын

(deleted)

@mcnogard1552 7 жыл бұрын

3:24 I disagree with this. If Arnold hash using Arnolds private key, then everyone can decrypt Arnolds message with Arnolds public key.

@mcnogard1552 7 жыл бұрын

What should have happened is that Arnold use Jamie Lee's public key to hash his message, then Jamie Lee can open the message with his private key. But nobody else can see the message.

@danielbenway6599 7 жыл бұрын

I’m afraid you’re incorrect. If you do a little bit more research, I think you’ll see why.It seems that you might be confusing the asymmetric key encryption (public key encryption) of a document with the digital signing of a document.Next, consider the following thought experiment: if Arnold wanted to digitally sign an unencrypted document and then give it to millions of different recipients, how would he sign that document?Lastly, I prefer to answer these questions on my blog.Thanks, and have a great day!

@mcnogard1552 7 жыл бұрын

So DNSsec is not using RSA for signing?