What technology can secure DNS information in IP networks?
A.
a combination of DNS and SSL/TLS
B.
a combination of DNS and IPSec
C.
DNS encryption
D.
DNSSEC
Explanation:
DNSSEC supplements the hierarchical nature of the DNS with cryptographic
characteristics that make it possible to verify the authenticity of information stored in
the DNS. This validation makes it possible for resolvers to be assured that when they
request a particular piece of information from the DNS, that they do in fact receive the
correct information as published by the authoritative source.
This assurance is made possible using cryptographic signatures included in the DNS by a
source organization. These signatures are calculated on a complete Resource Record
set, not individual Resource Records. The signatures are published in a DNSSEC-specific
resource record type called RRSIG. For example, setting aside the requisiteinfrastructure, by publishing the signature for an A record, the source organization
makes it possible for resolvers on the Internet to verify that the A record contains
authentic data and is correct as published. A DNS server is only signing data for which it
is authoritative, for example, the DNS server does not sign NS records that delegate
subdomains from its zone.
http://www.cisco.com/web/about/security/intelligence/dnssec.html#5