Method for updating key-signing keys and zone-signing keys in domain name system security extension

A technology for signing keys and security extensions, applied in the field of key updating, that addresses the problem of long update time and shortens the update time.

Inactive Publication Date: 2014-12-31
政务和公益机构域名注册管理中心

AI Technical Summary

Problems solved by technology

To prevent breaking the DNSSEC verification chain of trust, KSK and ZSK updates are currently carried out separately and independently; that is, the two run serially with no overlap in time, so the update takes a long time.


Embodiment Construction

[0014] For a clearer understanding of the technical features, purposes and effects of the invention, specific implementations of the present invention are now described with reference to the accompanying drawings, in which the same reference numerals denote the same parts.

[0015] In this document, "schematic" means "serving as an example, instance or illustration", and any illustration or implementation described as "schematic" should not be interpreted as a more preferred or more advantageous technical solution.

[0016] To implement the DNS security extensions, resource record sets are configured in a DNS zone. The types of resource record set include the DNS key resource record set (hereinafter DNSKEY), the resource record signature (hereinafter RRSIG) and the delegation signer record (hereinafter DS record). Figure 1 describes how to update the Key Signing Key and Zone Signing Key for DNS Securi...


Abstract

The invention relates to a method for updating key-signing keys and zone-signing keys in the Domain Name System Security Extensions (DNSSEC). The method includes the following steps: in a DNS zone, new key-signing keys and new zone-signing keys are added to the DNSKEY resource record set, and the DNSKEY is signed with both the new and the original key-signing keys; all resource record sets are signed with the new zone-signing keys, and the new key-signing keys or DS records are submitted to the parent domain of the DNS zone; the DNS zone signed with the new zone-signing keys is transmitted to a slave server of the DNS zone, and the DS records are transmitted to a slave server of the parent domain; and the original zone-signing keys are deleted from the DNSKEY and the DNSKEY resource record set is re-signed with the new key-signing keys, and the original key-signing keys are deleted from the DNSKEY and the DNSKEY resource record set is re-signed with the new key-signing keys.
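The steps of the abstract can be checked against a simplified model of DNSSEC validation; the following is an added example, not code from the patent. The key labels (K1/Z1 original, K2/Z2 new), the assumption that the parent replaces the old DS with the new one, and the assumption that caches hold each record set from either the previous or the current step are all constructed for illustration.

```python
from itertools import product

# Constructed key labels: K1/Z1 are the original KSK/ZSK, K2/Z2 the new ones.
def state(dnskey, ksk_sigs, zsk_sig, ds):
    return {"dnskey": (frozenset(dnskey), frozenset(ksk_sigs)),
            "rrsig": zsk_sig, "ds": frozenset(ds)}

def validates(ds, dnskey, rrsig):
    """Simplified chain: DS -> KSK that signed DNSKEY -> ZSK that signed the data."""
    keys, ksk_sigs = dnskey
    anchored = ds & keys & ksk_sigs  # a KSK named by DS, published, and signing DNSKEY
    return bool(anchored) and rrsig in keys

def first_break(states):
    """Return (step, view) for the first resolver view that fails, else None.

    Assumption: between steps the operator waits long enough that a cache
    holds each record set from either the previous or the current step.
    """
    for i in range(1, len(states)):
        prev, cur = states[i - 1], states[i]
        views = product(*[(prev[k], cur[k]) for k in ("ds", "dnskey", "rrsig")])
        for ds, dnskey, rrsig in views:
            if not validates(ds, dnskey, rrsig):
                return i, (sorted(ds), sorted(dnskey[0]), rrsig)
    return None

START = state({"K1", "Z1"}, {"K1"}, "Z1", {"K1"})
ALL_KEYS = {"K1", "Z1", "K2", "Z2"}

# The steps of the abstract as successive zone/parent states.
COMBINED = [
    START,
    state(ALL_KEYS, {"K1", "K2"}, "Z1", {"K1"}),  # add K2/Z2, sign DNSKEY with K1 and K2
    state(ALL_KEYS, {"K1", "K2"}, "Z2", {"K2"}),  # sign data with Z2, new DS at parent (assumed to replace old)
    state(ALL_KEYS, {"K1", "K2"}, "Z2", {"K2"}),  # transfer to slave servers (no record change)
    state({"K2", "Z2"}, {"K2"}, "Z2", {"K2"}),    # delete K1/Z1, re-sign DNSKEY with K2
]

# Contrast: swapping every key at once, with no overlap period.
ABRUPT = [START, state({"K2", "Z2"}, {"K2"}, "Z2", {"K2"})]

if __name__ == "__main__":
    print("combined rollover:", first_break(COMBINED))
    print("abrupt swap:      ", first_break(ABRUPT))
```

In this model the combined sequence never produces a failing view, while the abrupt swap fails as soon as a resolver pairs a cached original DNSKEY set with a signature made by the new zone-signing key.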

Description

Technical field

[0001] The present invention relates to a method for updating keys, in particular to a method for updating the key-signing keys and zone-signing keys used in the Domain Name System Security Extensions (DNSSEC for short).

Background technique

[0002] The Domain Name System (DNS for short) is a hierarchical distributed database that contains a series of records, including names, IP addresses, and host information. DNS is a set of protocols and services that allow users to use hierarchical, user-friendly names instead of IP addresses when looking up network resources. When a DNS client sends an IP address query request to a DNS server, the DNS server looks up the required IP address in its database and returns it to the DNS client. This process, by which the DNS server finds the IP address the client requested in its database, is called "host name resolution."

[0003] In order to improve query efficiency, DNS adopts a cache mechanism to store the latest queried records in the cache a...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
Inventor: 王正, 王睿
Owner: 政务和公益机构域名注册管理中心