Support DNS security in multi-principal environment

Abstract

Multiple peer domain name system (DNS) servers are included in a multi-master DNS environment. One of the multiple peer DNS servers is a key master peer DNS server that generates one or more keys for a DNS zone serviced by the multiple peer DNS servers. The key master peer DNS server can also generate a signing key descriptor that identifies the set of one or more keys for the DNS zone, and communicate the signing key descriptor to the other ones of the multiple peer DNS servers.

Description

Background technique

[0001] A typical Domain Name System (DNS) server resolves names to Internet Protocol (IP) addresses. The DNS Security Extension (DNSSEC) protocol has been developed to add security extensions to the DNS system. However, a typical DNS system is set up with a primary DNS server and one or more secondary DNS servers. Implementing the DNSSEC protocol in an environment with more than one primary DNS server can be problematic. Contents of the invention

[0002] This Summary is provided in a simplified form to introduce a selection of concepts that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.

[0003] According to one or more aspects, a signing key descriptor identifying how to sign a domain name system (DNS) zone is generated. Additionally, at the first peer DN...

Images