Great job interpreting DNSSec for secure domains. Google's future prospects on the Internet include encryption - a secure connection (HTTPS) is required for all websites. Google has implemented unsafe warnings for domains. Google will block (HTTP) domains next year or so.
Yooo man You are the real MVP Current MCSA books don't give a thing about this terminology and explanation Edit: I don't have any DNS practice, and i was struggling understanding DNSSEC from 70-741 exam Thanks a lot
This is a great video, but it would be even better, if you highlighted the parts you are currently talking about (since it is a bit difficoult to orientate in all the items). Anyway thanks for the explanation, it helped a lot.
very good video. cleared the concept . cloudflare also has some good articles / blogs written on dnssec and complexities it brings in.this video and those blogs should be good starting point for everyone
You have to study this to get it all but the gist of it is clear - DNSSEC makes it harder to hijack a web request by having domain name servers retain records for a domain that allow an independent server to validate it before the user connects with it.
A goog presentation does not make its presenter obsolete. This does! A more visually supportive presentation would have been miles better and easier to create.
Thanks indeed for this explanation. DNSSEC still does not give the impression of a simple system. Could that be the reason for the limited implementation?
Does this mean dnssec is not depended on HTTPS digital signatures? so digital signatures we receive on HTTPS are different to digital certificate of DNSSEC?
Great video but I would recommend raising the volume a bit. I struggled to hear you even with my volume all the way up. I appreciate the effort regardless!
Very well made slides! Although I don't really think there's a point to making this a video/narrating over it if you just read completely off the slides.
why can't the Root zone, be the one to comunicate to the TLD, then the TLD comminicate with the DBL zone, all using dnssec, then the root reply with the correct answer?
on 4:05 your picture says that Jamie Lee does decrypt a digest encrypted by Arnolds private key by using Arnold's public key. By definition you can not decrypt with a public Key. i think you meant that Jamie Lee does encrypt the hash of the sent document and then compare that to the send encrypted digest. am i right ?
I'm a little confused by this question. in asymmetrical cryptography you encrypt something using your own private key, then can send it to whomever you like and include your public key. In the example Jamie Lee can then run his own hash on the document, and run another hash on the decrypted digest using the public key and if they both match, this ensures integrity.
I think the correct terminology should have been that Arnold generates a digital signature using his private key, and then Jamie Lee verifies that signature using Arnold's public key. For encryption, the key pair would be used the opposite way, the public key is used to encrypt which can then be decrypted using the private key.
What should have happened is that Arnold use Jamie Lee's public key to hash his message, then Jamie Lee can open the message with his private key. But nobody else can see the message.
I’m afraid you’re incorrect. If you do a little bit more research, I think you’ll see why.It seems that you might be confusing the asymmetric key encryption (public key encryption) of a document with the digital signing of a document.Next, consider the following thought experiment: if Arnold wanted to digitally sign an unencrypted document and then give it to millions of different recipients, how would he sign that document?Lastly, I prefer to answer these questions on my blog.Thanks, and have a great day!
I was looking up for your blog. RIP, you are making an impact event after you left this world! amazing explanation.
Terribly good explained. There are tons of videos pretending to explain DNSSec, yours do it for real!!! Very well done. Thanks a lot.
Thank you, Daniel, nobody opened DNSSEC like you. Thanks a million ❤
Very well presented. Have seen a lot of content for DNSSec but havent found anything as clear and concise as this.
Great explanation, I lost some hours trying to understand the DNSSec and now, I got everything I need. Thanks for the good material.
Great job interpreting DNSSec for secure domains. Google's future prospects on the Internet include encryption - a secure connection (HTTPS) is required for all websites. Google has implemented unsafe warnings for domains. Google will block (HTTP) domains next year or so.
Best video on the subject, thank you for the explanation.
This was great! Clear explanations.Thanks for taking the time to make this.
The best explanation of DNSSEC on youtube
Awesome thanks for helping my understand dnssec better!
Yooo man
You are the real MVP
Current MCSA books don't give a thing about this terminology and explanation
Edit:
I don't have any DNS practice, and i was struggling understanding DNSSEC from 70-741 exam
Thanks a lot
This is a great video, but it would be even better, if you highlighted the parts you are currently talking about (since it is a bit difficoult to orientate in all the items).
Anyway thanks for the explanation, it helped a lot.
very good video. cleared the concept . cloudflare also has some good articles / blogs written on dnssec and complexities it brings in.this video and those blogs should be good starting point for everyone
Thanks for such a simple and clear explanation.
Fantastic explanation!
Somebody needs to put you in charge of something. You know what you're talking about.
A very clear explanation! Thank you good sir!
You have to study this to get it all but the gist of it is clear - DNSSEC makes it harder to hijack a web request by having domain name servers retain records for a domain that allow an independent server to validate it before the user connects with it.
A goog presentation does not make its presenter obsolete. This does!
A more visually supportive presentation would have been miles better and easier to create.
bravo! clear, quick, intense. interetesting !
Thanks indeed for this explanation. DNSSEC still does not give the impression of a simple system. Could that be the reason for the limited implementation?
Motivation of DNSSEC and also its detailed explanation. Also, the difference between iterative and recursive dns queries.
If there's a malicious server pretending to be the original one, isn't there a way to know the difference between them, for example, in the URL?
Does this mean dnssec is not depended on HTTPS digital signatures? so digital signatures we receive on HTTPS are different to digital certificate of DNSSEC?
Great video but I would recommend raising the volume a bit. I struggled to hear you even with my volume all the way up. I appreciate the effort regardless!
Very nice presentation.. but perhaps you forgot to explain what is DNSKey
Daniel, can you please share the reference/blog links.
your information really helped a lot. Great work 👍
Very well explained. Thank you !!!
Awesome Explanation...Kudos.
@9:02 why not just encrypt the request with the root pubksk, then send it to the root server, with your own public-key?
Thank you for the awesome explanation!
Great video
Very well made slides! Although I don't really think there's a point to making this a video/narrating over it if you just read completely off the slides.
Thanks so much, very helpful. If it's still completely valid, you may want to upload it afresh, to have a newer date.
Is it good or bad for an exclusive life?
Awesome slides Daniel
why can't the Root zone, be the one to comunicate to the TLD, then the TLD comminicate with the DBL zone, all using dnssec, then the root reply with the correct answer?
This would put extra strain on the root servers. The DNS protocol is designed to avoid such things.
thank you sooooo much that was awesome
on 4:05 your picture says that Jamie Lee does decrypt a digest encrypted by Arnolds private key by using Arnold's public key. By definition you can not decrypt with a public Key. i think you meant that Jamie Lee does encrypt the hash of the sent document and then compare that to the send encrypted digest. am i right ?
I'm a little confused by this question. in asymmetrical cryptography you encrypt something using your own private key, then can send it to whomever you like and include your public key. In the example Jamie Lee can then run his own hash on the document, and run another hash on the decrypted digest using the public key and if they both match, this ensures integrity.
I think the correct terminology should have been that Arnold generates a digital signature using his private key, and then Jamie Lee verifies that signature using Arnold's public key. For encryption, the key pair would be used the opposite way, the public key is used to encrypt which can then be decrypted using the private key.
"Who needs it?" "Everyone!"
good stuff
Good attempt and appreciate your effort , BUT the font on slides is so hard to read and wrong colour scheme used for the diagrams.
thanks a lot!
Very complicated explanation, not so clear. Lacks some real examples including real keys and records. Too theoretical
"special shoutout to al gore" omegalul xDD
Great video even dummy as me got it.
cool
DNS sec starts at ua-cam.com/video/_8M_vuFcdZU/v-deo.html
very low volume+++++++++++
RIP
dubdubdub
(deleted)
3:24 I disagree with this. If Arnold hash using Arnolds private key, then everyone can decrypt Arnolds message with Arnolds public key.
What should have happened is that Arnold use Jamie Lee's public key to hash his message, then Jamie Lee can open the message with his private key. But nobody else can see the message.
I’m afraid you’re incorrect. If you do a little bit more research, I think you’ll see why.It seems that you might be confusing the asymmetric key encryption (public key encryption) of a document with the digital signing of a document.Next, consider the following thought experiment: if Arnold wanted to digitally sign an unencrypted document and then give it to millions of different recipients, how would he sign that document?Lastly, I prefer to answer these questions on my blog.Thanks, and have a great day!
So DNSsec is not using RSA for signing?