Dnssec on Mi-Lxc
Authors:-Raquel Fabiani Touoyem
Abstract-As part of the Specialized Master in Cybersecurity for Operators of Essential Services providers, learners are required to carry out research and restitution work around a theme consistent with their teaching. It is in this perspective that we were offered DNSSEC on MI-LXC, which is a project whose objectives are initially to master the theoretical aspects around the implementation of DNS and DNSSEC, and to understand MI-LXC, which is above all a learning project simulating a mini-internet with all basic associated protocols, based on Linux containers. It will then come down to implementing DNSSEC through the main steps of key generation and zone signing, zone distribution, record validation and key and signature maintenance. It was also important in the context of this project to understand the problems introduced by the implementation of DNSSEC today, as well as the various attacks on the DNS which constitute the limit of DNSSEC. We have therefore carried out work in line with these main objectives, and this report is a restitution thereof. Throughout this project, we made an effort to convey in concise and precise terms our understanding of the various components and structure of DNSSEC under MI-LXC. The last parts allowed us to understand how DNSSEC was the solution for various attacks on the DNS, in this case cache poisoning. We have also explored the limits of DNSSEC and its implementation, and we have proposed additional security protocols which, coupled with DNSSEC, would make it possible to satisfy the objectives of Confidentiality and Integrity of DNS data, in order to make this Internet cornerstone protocol safer.
