
HP Operating Instructions, Model HP Integrity NonStop H-Series

Manufacturer: HP
File size: 601.62 kb
Language: en





DNS Configuration on the NonStop Server
Use Public Key Cryptography: DNSSEC
that can communicate with Internet name servers is called a bastion host, and all other
name servers communicate with the Internet through the bastion host. See DNS and
BIND, 4th Edition, by Paul Albitz and Cricket Liu for an in-depth discussion of
using DNS with firewalls, forwarding, and forward zones.
Use Public Key Cryptography: DNSSEC
DNSSEC uses public key cryptography and, like TSIG, can be used to secure
transactions between server and server and between server and client. TSIG secures
the communications between two name servers or between an updater and a name
server but does not protect your system if one of your name servers is compromised.
Someone breaking into one of your name servers may gain access to the TSIG keys.
Moreover, because TSIG uses shared secrets, it is not practical to configure TSIG
among many name servers. You could not use TSIG to secure your name servers’
communication with arbitrary name servers on the Internet because it is impossible to
distribute and manage that many keys.
The most common way to deal with key management problems is to use public key
cryptography. The DNS Security Extensions (DNSSEC) use public key cryptography to
enable zone administrators to digitally sign their zone data, thereby proving the zone
data’s authenticity.
The DNS Security Extensions (DNSSEC) are defined in RFC 2535, Domain Name System
Security Extensions, available at http://www.ietf.org/rfc/rfc2535.txt?number=2535.
BIND provides several tools to set up a DNSSEC secure zone.
Communication must exist between administrators of the parent and the child zone to
transmit keys and signatures. For a DNSSEC-capable resolver to trust a zone’s data,
the parent zone must indicate the zone’s security status. For other servers to trust
data in this zone, they must be statically configured either with this zone’s zone key
or with the zone key of another zone above this zone on the DNS tree.
In DNSSEC, each secure zone has a key pair associated with it. The zone's private
key is stored somewhere safe, often in a file on the name server's file system. The
zone's public key is advertised as a new type of record attached to the domain name of
the zone, the KEY record.
The KEY record is a general-purpose record. You can use the KEY record to store
different kinds of cryptographic keys, not just the zone's public keys for use with
DNSSEC.
If the KEY record stores a zone's public key, a new record must exist to store the
corresponding private key's signature. That new record is the SIG record. DNSSEC
also introduces another new record type: the NXT record.
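The contrast drawn above between TSIG shared secrets and DNSSEC key pairs, as an added Python example that is not part of the HP manual: whoever can verify a TSIG MAC can also create one, while a holder of only the public KEY material cannot produce a SIG that verifies. The shared secret, the small textbook RSA key and the function names are constructed for illustration and are not real DNSSEC encodings.

```python
import hashlib
import hmac

# Constructed values: a TSIG-style shared secret and a textbook RSA key pair
# built from two Mersenne primes (2^31-1 and 2^61-1). Far too small for real use.
TSIG_SECRET = b"constructed-shared-secret"
P, Q, E = 2_147_483_647, 2_305_843_009_213_693_951, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays with the zone signer


def _digest_int(rrset: bytes) -> int:
    """Hash the record data and reduce it into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(rrset).digest(), "big") % N


def tsig_mac(secret: bytes, message: bytes) -> bytes:
    """TSIG-style MAC: both ends compute it from the same secret."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def tsig_verify(secret: bytes, message: bytes, mac: bytes) -> bool:
    return hmac.compare_digest(tsig_mac(secret, message), mac)


def zone_sign(private_exp: int, rrset: bytes) -> int:
    """SIG-style signature: requires the zone's private key."""
    return pow(_digest_int(rrset), private_exp, N)


def zone_verify(public_exp: int, rrset: bytes, sig: int) -> bool:
    """Verification needs only the public key published in the KEY record."""
    return pow(sig, public_exp, N) == _digest_int(rrset)


def forge_with_verifier_material(rrset: bytes):
    """What a party holding only the verifier's key material can produce."""
    # A TSIG verifier holds the secret itself, so it can mint a valid MAC.
    mac_ok = tsig_verify(TSIG_SECRET, rrset, tsig_mac(TSIG_SECRET, rrset))
    # A DNSSEC verifier holds (E, N) only; "signing" with E does not verify.
    sig_ok = zone_verify(E, rrset, pow(_digest_int(rrset), E, N))
    return mac_ok, sig_ok
```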
Output from dig shows that DNSSEC increases the average size of a DNS message,
that it requires substantially more computational horsepower from name servers
verifying zone data, and that signing a zone increases the zone’s size substantially.
Current estimates are that signing multiplies the size of a zone by a factor of seven.
For this reason, if you plan to sign your zones, make sure your authoritative name
HP DNS Configuration and Management Manual 529432-003
3-20


...

This manual is also suitable for the models:
Computers - HP Integrity NonStop J-Series (601.62 kb)
Computers - HP NonStop G-Series (601.62 kb)
Computers - HP NonStop L-Series (601.62 kb)
