{"id":4397,"date":"2020-10-30T22:05:08","date_gmt":"2020-10-30T21:05:08","guid":{"rendered":"https:\/\/webhosting.de\/?p=4397"},"modified":"2020-10-30T22:05:08","modified_gmt":"2020-10-30T21:05:08","slug":"dnssec","status":"publish","type":"post","link":"https:\/\/webhosting.de\/fr\/dnssec\/","title":{"rendered":"dnssec"},"content":{"rendered":"

Extensions de s\u00e9curit\u00e9 du syst\u00e8me de noms de domaine<\/h2>\n

Le dnssec est un ensemble de normes dans le Internet<\/a>qui offrent une garantie de m\u00e9canismes de s\u00e9curit\u00e9. Ils sont \u00e9galement soumis \u00e0 l'authenticit\u00e9 et \u00e0 l'int\u00e9grit\u00e9 Donn\u00e9es<\/a>. Un participant au dnssec peut v\u00e9rifier certaines donn\u00e9es de zone. Il peut \u00e9galement v\u00e9rifier si les donn\u00e9es de la zone DNS sont identiques \u00e0 celles qu'un cr\u00e9ateur est autoris\u00e9 \u00e0 utiliser dans la zone.<\/p>\n

Pas de cryptage des donn\u00e9es<\/h2>\n

Le dnssec a \u00e9t\u00e9 d\u00e9velopp\u00e9 pour lutter contre le poinsonisme des caches. Les signatures num\u00e9riques sont s\u00e9curis\u00e9es pendant le transfert des enregistrements de ressources. L'authentification n'a jamais lieu sur les serveurs ou sur les clients. Avec le dnssec, aucune donn\u00e9e n'est crypt\u00e9e. Le cryptosyst\u00e8me asym\u00e9trique. Le propri\u00e9taire d'une information particuli\u00e8re est appel\u00e9 le serveur ma\u00eetre. C'est \u00e9galement l\u00e0 que se trouve la zone \u00e0 s\u00e9curiser. Chaque enregistrement est sign\u00e9 avec une cl\u00e9 priv\u00e9e ou une cl\u00e9 secr\u00e8te. L'authenticit\u00e9 et l'int\u00e9grit\u00e9 peuvent \u00eatre valid\u00e9es \u00e0 l'aide d'une cl\u00e9 publique. L'extension EDNS est pr\u00e9f\u00e9r\u00e9e par le dnssec. Des param\u00e8tres suppl\u00e9mentaires peuvent \u00eatre utilis\u00e9s avec cette extension. La limitation de taille de 512 octets est \u00e9galement supprim\u00e9e avec cette extension. Des messages DNS plus longs sont n\u00e9cessaires si une cl\u00e9 ou une signature doit \u00eatre transmise.<\/p>\n

Comment fonctionne l'ADN ?<\/h2>\n

Dans le RR, c'est-\u00e0-dire le registre des ressources, les informations sont fournies par le dnssec. Celles-ci garantissent l'authenticit\u00e9 des informations gr\u00e2ce \u00e0 une signature num\u00e9rique. Le serveur ma\u00eetre de la zone est le propri\u00e9taire de ces informations. C'est aussi celui qui fait autorit\u00e9. Pour chaque zone \u00e0 s\u00e9curiser, il y a une cl\u00e9 de chant de zone. La paire se compose de cl\u00e9s publiques et priv\u00e9es. La partie publique de la cl\u00e9 de zone est incluse dans le fichier de zone sous le nom de DNSKEY Resource Record. La cl\u00e9 priv\u00e9e garantit que chaque RR individuel est sign\u00e9 num\u00e9riquement dans la zone. \u00c0 cette fin, une fiche de ressources est remplie, qui est ensuite la fiche de ressources RRSIG. Elle contient la signature de l'enregistrement DNS.
\nPour chacune de ces transactions, un RRSIG-RR est envoy\u00e9 avec la fiche ressource normale. Pour un transfert dans la zone, les esclaves le re\u00e7oivent en premier. Celui-ci est ensuite stock\u00e9 dans un cache \u00e0 bonne r\u00e9solution. La derni\u00e8re chose que le RR se retrouve au revolver qui l'a demand\u00e9. Avec la cl\u00e9 de la zone publique, le RR peut valider la signature.<\/p>\n

L'\u00e9valuation<\/h2>\n

Avec le dnssec, les r\u00e9solveurs DNS sont les dispositifs finaux, tels qu'un ordinateur ou un smartphone, sur lesquels les enregistrements ne peuvent pas \u00eatre valid\u00e9s. Les Stubresolvers sont simplement des programmes construits qui peuvent r\u00e9soudre compl\u00e8tement un nom. M\u00eame dans un serveur de nom r\u00e9cursif. Pour r\u00e9soudre un nom, le stubresolver envoie une demande \u00e0 un serveur de noms dans le r\u00e9seau local, ou dans le r\u00e9seau de ISP<\/a>prononc\u00e9 \"Fournisseurs d'acc\u00e8s \u00e0 Internet\".<\/p>\n

Un bit DO est activ\u00e9, ce qui peut indiquer au r\u00e9solveur du serveur de noms que l'enregistrement doit \u00eatre valid\u00e9. Le stubresolver doit supporter l'extension EDNS du dnssec. Le serveur peut donc aussi \u00eatre confondu. Cela signifie que la validation peut toujours \u00eatre effectu\u00e9e.<\/p>\n

Ceci est ind\u00e9pendant du contenu et de la pr\u00e9sence du bit DO. Si le serveur renvoie une erreur g\u00e9n\u00e9rale, c'est qu'il y a eu un probl\u00e8me. En cas de succ\u00e8s, le serveur donne une r\u00e9ponse bit AD. AD signifie Donn\u00e9es Authentifi\u00e9es. Pour un stubresolver, il n'est pas possible de d\u00e9tecter si l'erreur est caus\u00e9e par l'\u00e9chec de la validation ou si elle a une autre cause. Les causes peuvent \u00eatre une panne d'\u00e9lectricit\u00e9 ou une d\u00e9faillance du serveur de noms dans le nom de domaine demand\u00e9.<\/p>","protected":false},"excerpt":{"rendered":"

Domain Name System Security Extensions Die dnssec ist eine Reihe von Standarten im Internet, die eine Gew\u00e4hrleistung von Sicherheitsmechanismen geben. Diese unterliegen auch der Authentizit\u00e4t und der Integrit\u00e4t der Daten. Ein Teilnehmer des dnssec kann bestimmte Zonendaten verifizieren. Dieser kann auch pr\u00fcfen ob die DNS-Zonendaten identisch sind mit denen die ein Ersteller von der Zone […]<\/p>\n","protected":false},"author":1,"featured_media":1197,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_crdt_document":"","inline_featured_image":false,"footnotes":""},"categories":[732],"tags":[],"class_list":["post-4397","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lexikon"],"acf":[],"_wp_attached_file":null,"_wp_attachment_metadata":null,"litespeed-optimize-size":null,"litespeed-optimize-set":null,"_elementor_source_image_hash":null,"_wp_attachment_image_alt":null,"stockpack_author_name":null,"stockpack_author_url":null,"stockpack_provider":null,"stockpack_image_url":null,"stockpack_license":null,"stockpack_license_url":null,"stockpack_modification":null,"color":null,"original_id":null,"original_url":null,"original_link":null,"unsplash_location":null,"unsplash_sponsor":null,"unsplash_exif":null,"unsplash_attachment_metadata":null,"_elementor_is_screenshot":null,"surfer_file_name":null,"surfer_file_original_url":null,"envato_tk_source_kit":null,"envato_tk_source_index":null,"envato_tk_manifest":null,"envato_tk_folder_name":null,"envato_tk_builder":null,"envato_elements_download_event":null,"_menu_item_type":null,"_menu_item_menu_item_parent":null,"_menu_item_object_id":null,"_menu_item_object":null,"_menu_item_target":null,"_menu_item_classes":null,"_menu_item_xfn":null,"_menu_item_url":null,"_trp_menu_languages":null,"rank_math_primary_category":null,"rank_math_title":null,"inline_featured_image":null,"_yoast_wpseo_primary_category":null,"rank_math_schema_blogposting":null,"rank_math_schema_videoobject":null,"_oembed_049c719bc4a9f89deaead66a7da9fddc":null,"_oembed_time_049c719bc4a9f89deaead66a7da9fddc":null,"_yoast_wpseo_focuskw":"dnssec","_yoast_wpseo_linkdex":null,"_oembed_27e3473bf8bec795fbeb3a9d38489348":null,"_oembed_c3b0f6959478faf92a1f343d8f96b19e":null,"_trp_translated_slug_en_us":null,"_wp_desired_post_slug":null,"_yoast_wpseo_title":null,"tldname":null,"tldpreis":null,"tldrubrik":null,"tldpolicylink":null,"tldsize":null,"tldregistrierungsdauer":null,"tldtransfer":null,"tldwhoisprivacy":null,"tldregistrarchange":null,"tldregistrantchange":null,"tldwhoisupdate":null,"tldnameserverupdate":null,"tlddeletesofort":null,"tlddeleteexpire":null,"tldumlaute":null,"tldrestore":null,"tldsubcategory":null,"tldbildname":null,"tldbildurl":null,"tldclean":null,"tldcategory":null,"tldpolicy":null,"tldbesonderheiten":null,"tld_bedeutung":null,"_oembed_d167040d816d8f94c072940c8009f5f8":null,"_oembed_b0a0fa59ef14f8870da2c63f2027d064":null,"_oembed_4792fa4dfb2a8f09ab950a73b7f313ba":null,"_oembed_33ceb1fe54a8ab775d9410abf699878d":null,"_oembed_fd7014d14d919b45ec004937c0db9335":null,"_oembed_21a029d076783ec3e8042698c351bd7e":null,"_oembed_be5ea8a0c7b18e658f08cc571a909452":null,"_oembed_a9ca7a298b19f9b48ec5914e010294d2":null,"_oembed_f8db6b27d08a2bb1f920e7647808899a":null,"_oembed_168ebde5096e77d8a89326519af9e022":null,"_oembed_cdb76f1b345b42743edfe25481b6f98f":null,"_oembed_87b0613611ae54e86e8864265404b0a1":null,"_oembed_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_oembed_time_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_tldname":null,"_tldclean":null,"_tldpreis":null,"_tldcategory":null,"_tldsubcategory":null,"_tldpolicy":null,"_tldpolicylink":null,"_tldsize":null,"_tldregistrierungsdauer":null,"_tldtransfer":null,"_tldwhoisprivacy":null,"_tldregistrarchange":null,"_tldregistrantchange":null,"_tldwhoisupdate":null,"_tldnameserverupdate":null,"_tlddeletesofort":null,"_tlddeleteexpire":null,"_tldumlaute":null,"_tldrestore":null,"_tldbildname":null,"_tldbildurl":null,"_tld_bedeutung":null,"_tldbesonderheiten":null,"_oembed_ad96e4112edb9f8ffa35731d4098bc6b":null,"_oembed_8357e2b8a2575c74ed5978f262a10126":null,"_oembed_3d5fea5103dd0d22ec5d6a33eff7f863":null,"_eael_widget_elements":null,"_oembed_0d8a206f09633e3d62b95a15a4dd0487":null,"_oembed_time_0d8a206f09633e3d62b95a15a4dd0487":null,"_aioseo_description":null,"_eb_attr":null,"_eb_data_table":null,"_oembed_819a879e7da16dd629cfd15a97334c8a":null,"_oembed_time_819a879e7da16dd629cfd15a97334c8a":null,"_acf_changed":null,"_wpcode_auto_insert":null,"_edit_last":null,"_edit_lock":null,"_oembed_e7b913c6c84084ed9702cb4feb012ddd":null,"_oembed_bfde9e10f59a17b85fc8917fa7edf782":null,"_oembed_time_bfde9e10f59a17b85fc8917fa7edf782":null,"_oembed_03514b67990db061d7c4672de26dc514":null,"_oembed_time_03514b67990db061d7c4672de26dc514":null,"rank_math_news_sitemap_robots":"index","rank_math_robots":["index"],"_eael_post_view_count":"3872","_trp_automatically_translated_slug_ru_ru":null,"_trp_automatically_translated_slug_et":"dnssec","_trp_automatically_translated_slug_lv":"dnssec","_trp_automatically_translated_slug_fr_fr":null,"_trp_automatically_translated_slug_en_us":null,"_wp_old_slug":null,"_trp_automatically_translated_slug_da_dk":null,"_trp_automatically_translated_slug_pl_pl":null,"_trp_automatically_translated_slug_es_es":null,"_trp_automatically_translated_slug_hu_hu":null,"_trp_automatically_translated_slug_fi":"dnssec","_trp_automatically_translated_slug_ja":"%e3%83%87%e3%82%a3%e3%83%bc%e3%82%a8%e3%83%8c%e3%82%b7%e3%83%bc%e3%82%bb%e3%83%83%e3%82%af","_trp_automatically_translated_slug_lt_lt":null,"_elementor_edit_mode":null,"_elementor_template_type":null,"_elementor_version":null,"_elementor_pro_version":null,"_wp_page_template":"default","_elementor_page_settings":null,"_elementor_data":null,"_elementor_css":null,"_elementor_conditions":null,"_happyaddons_elements_cache":null,"_oembed_75446120c39305f0da0ccd147f6de9cb":null,"_oembed_time_75446120c39305f0da0ccd147f6de9cb":null,"_oembed_3efb2c3e76a18143e7207993a2a6939a":null,"_oembed_time_3efb2c3e76a18143e7207993a2a6939a":null,"_oembed_59808117857ddf57e478a31d79f76e4d":null,"_oembed_time_59808117857ddf57e478a31d79f76e4d":null,"_oembed_965c5b49aa8d22ce37dfb3bde0268600":null,"_oembed_time_965c5b49aa8d22ce37dfb3bde0268600":null,"_oembed_81002f7ee3604f645db4ebcfd1912acf":null,"_oembed_time_81002f7ee3604f645db4ebcfd1912acf":null,"_elementor_screenshot":null,"_oembed_7ea3429961cf98fa85da9747683af827":null,"_oembed_time_7ea3429961cf98fa85da9747683af827":null,"_elementor_controls_usage":null,"_elementor_page_assets":[],"_elementor_screenshot_failed":null,"theplus_transient_widgets":["tp-video-player"],"_eael_custom_js":null,"_wp_old_date":null,"_trp_automatically_translated_slug_it_it":null,"_trp_automatically_translated_slug_pt_pt":null,"_trp_automatically_translated_slug_zh_cn":null,"_trp_automatically_translated_slug_nl_nl":null,"_trp_automatically_translated_slug_pt_br":null,"_trp_automatically_translated_slug_sv_se":null,"rank_math_analytic_object_id":"845","rank_math_internal_links_processed":null,"_trp_automatically_translated_slug_ro_ro":null,"_trp_automatically_translated_slug_sk_sk":null,"_trp_automatically_translated_slug_bg_bg":null,"_trp_automatically_translated_slug_sl_si":null,"litespeed_vpi_list":["webhostinglogo.png"],"litespeed_vpi_list_mobile":["webhostinglogo.png"],"rank_math_seo_score":null,"rank_math_contentai_score":null,"ilj_limitincominglinks":null,"ilj_maxincominglinks":null,"ilj_limitoutgoinglinks":null,"ilj_maxoutgoinglinks":null,"ilj_limitlinksperparagraph":null,"ilj_linksperparagraph":null,"ilj_blacklistdefinition":null,"ilj_linkdefinition":["dnssec"],"_eb_reusable_block_ids":null,"rank_math_focus_keyword":"dnssec","rank_math_og_content_image":null,"_yoast_wpseo_metadesc":"","_yoast_wpseo_content_score":null,"_yoast_wpseo_focuskeywords":null,"_yoast_wpseo_keywordsynonyms":null,"_yoast_wpseo_estimated-reading-time-minutes":null,"rank_math_description":null,"surfer_last_post_update":null,"surfer_last_post_update_direction":null,"surfer_keywords":null,"surfer_location":null,"surfer_draft_id":null,"surfer_permalink_hash":null,"surfer_scrape_ready":null,"_thumbnail_id":"1197","footnotes":null,"_links":{"self":[{"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/posts\/4397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/comments?post=4397"}],"version-history":[{"count":0,"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/posts\/4397\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/media\/1197"}],"wp:attachment":[{"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/media?parent=4397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/categories?post=4397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhosting.de\/fr\/wp-json\/wp\/v2\/tags?post=4397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}