Revision as of 18:58, 14 May 2023 edit Citation bot (talk \| contribs) Bots 5,867,218 edits Add: newspaper. \| Use this bot. Report bugs. \| Suggested by AManWithNoPlan \| #UCB_toolbar Tags: Manual revert Reverted ← Previous edit		Revision as of 19:03, 14 May 2023 edit undo AManWithNoPlan (talk \| contribs) Extended confirmed users 100,078 edits Restored revision 1154800530 by AManWithNoPlan (talk) Tags: Twinkle Undo Next edit →
Line 58: \| last2 = Surý \| first2 = Ondřej ~~\| newspaper = IETF Datatracker~~ \| doi = 10.17487/RFC8624 \| s2cid = 195856691 Line 104 ⟶ 103: \| last2 = Sury \| first2 = O. ~~\| newspaper = IETF Datatracker~~ \| s2cid = 195856691 }}</ref> Line 153 ⟶ 151: \| last5= Arends \| first5= Roy ~~\| newspaper= IETF Datatracker~~ \| doi= 10.17487/RFC4033 }} Line 173 ⟶ 170: A ''validating stub resolver'' can also potentially perform its own signature validation by setting the Checking Disabled (CD) bit in its query messages.<ref name="rfc4033_p12"/> A validating stub resolver uses the CD bit to perform its own recursive authentication. Using such a validating stub resolver gives the client end-to-end DNS security for domains implementing DNSSEC, even if the Internet service provider or the connection to them is not trusted. Non-validating stub resolvers must rely on external DNSSEC validation services, such as those controlled by the user's [[Internet service provider]] or a [[public recursive name server]], and the communication channels between itself and those name servers, using methods such as [[DNS over TLS]].<ref name="rfc4033_p12">{{Cite journal \| title= RFC 4033: DNS Security Introduction and Requirements \| publisher= [[The Internet Society]] \| date= March 2005 \| page= 12 \| url= http://tools.ietf.org/html/rfc4033#page-12 \| last1= Rose \| first1= Scott \| last2= Larson \| first2= Matt \| last3= Massey \| first3= Dan \| last4= Austein \| first4= Rob \| last5= Arends \| first5= Roy ~~\| newspaper= IETF Datatracker~~ \| doi= 10.17487/RFC4033 }}</ref><ref name="practical-ipsec">{{cite book \| title= Enabling Practical IPsec Authentication for the Internet \| first1= Pedro J. \| last1= Muñoz Merino \| first2= Alberto \| last2= García-Martínez \| first3= Mario Muñoz \| last3= Organero \| first4= Carlos Delgado \| last4= Kloos \| year= 2006 \| series= On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops \| volume= 1 \| editor1-first= Robert \| editor1-last= Meersman \| editor2-first= Zahir \| editor2-last= Tari \| editor3-first= Herrero Martín \| editor3-last= Herrero \| publisher= [[Springer Science+Business Media\|Springer]] \| url= http://netcom.it.uc3m.es/publications/pdf/2006/fulltext.pdf \| url-status= dead \| archive-url= https://web.archive.org/web/20120426065241/http://netcom.it.uc3m.es/publications/pdf/2006/fulltext.pdf \| archive-date= 2012-04-26 }}</ref> ===Trust anchors and authentication chains===

Domain Name System Security Extensions: Difference between revisions