Suggested Answer:D🗳️
To implement DNSSEC, no additional changes are needed to applications or their code because the integrity checks are all performed at the system level.
DNSSEC (Domain Name System Security Extensions) is handled at the DNS infrastructure and resolver level, rather than at the application code level. As long as the underlying DNS resolvers and infrastructure support DNSSEC, applications typically don’t require any additional changes to start benefiting from the secure DNS lookups.
It's very unlikely this question is asked just to be pointless and with no action needed. I think as per specified by contributor DA95, option C is correct.
To facilitate signature validation, DNSSEC adds a few new DNS record types:
RRSIG - Contains a cryptographic signature
DNSKEY - Contains a public signing key
DS - Contains the hash of a DNSKEY record
NSEC and NSEC3 - For explicit denial-of-existence of a DNS record
CDNSKEY and CDS - For a child zone requesting updates to DS record(s) in the parent zone.
In order to implement DNSSEC, some changes to application code may be necessary. DNSSEC is a security extension to the Domain Name System (DNS) that provides authentication for DNS lookups. To implement DNSSEC, application code may need to be updated to perform additional DNS lookups in order to verify the authenticity of DNS records. This may involve adding code to perform cryptographic operations in order to validate DNSSEC signatures. Therefore, the correct answer is option C, "Additional DNS lookups."
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MaciekMT
2 days, 2 hours agoArashV
3 weeks, 5 days agonzboy123
1 month, 3 weeks agoDA95
2 months, 1 week agoakg001
9 months, 1 week ago