|
Split-horizon DNS
In computer networking, split-horizon DNS (also known as split-view DNS, split-brain DNS, or split DNS) is the facility of a Domain Name System (DNS) implementation to provide different sets of DNS information, usually selected by the source address of the DNS request. This facility can provide a mechanism for security and privacy management by logical or physical separation of DNS information for network-internal access (within an administrative domain, e.g., company) and access from an unsecure, public network (e.g. the Internet). Implementation of split-horizon DNS can be accomplished with hardware-based separation or by software solutions. Hardware-based implementations run distinct DNS server devices for the desired access granularity within the networks involved. Software solutions use either multiple DNS server processes on the same hardware or special server software with the built-in capability of discriminating access to DNS zone records. The latter is a common feature ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Computer Networking
A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are made up of telecommunication network technologies, based on physically wired, optical, and wireless radio-frequency methods that may be arranged in a variety of network topologies. The nodes of a computer network can include personal computers, servers, networking hardware, or other specialised or general-purpose hosts. They are identified by network addresses, and may have hostnames. Hostnames serve as memorable labels for the nodes, rarely changed after initial assignment. Network addresses serve for locating and identifying the nodes by communication protocols such as the Internet Protocol. Computer networks may be classified by many criteria, including the transmission medium used to carry signals, bandwidth, communications pr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Domain Name System
The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985. The Domain Name System delegates the responsibility of assigning domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. Network administrators may delegate authority over sub-domains of their allocated name space to other name servers. This mechanism provides distributed and fault-tolerant service and was designed to avoid a single large central ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Administrative Domain
An administrative domain is a service provider holding a security repository permitting to easily authenticate and authorize clients with credentials. This particularly applies to computer network security. This concept is captured by the 'AdminDomain' class of the GLUE information model.http://www.ogf.org/documents/GFD.147.pdf GLUE Specification v. 2.0 (Open Grid Forum) An administrative domain is mainly used in intranet environments. Implementation It may be implemented as a collection of hosts and routers, and the interconnecting network(s), managed by a single administrative authority. Interoperation between different administrative domains having different security repositories, different security software or different security policies is notoriously difficult. Therefore, administrative domains wishing ad hoc interoperation or full interoperability Interoperability is a characteristic of a product or system to work with other products or systems. While the term w ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Internet
The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, public, academic, business, and government networks of local to global scope, linked by a broad array of electronic, wireless, and optical networking technologies. The Internet carries a vast range of information resources and services, such as the inter-linked hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony, and file sharing. The origins of the Internet date back to the development of packet switching and research commissioned by the United States Department of Defense in the 1960s to enable time-sharing of computers. The primary precursor network, the ARPANET, initially served as a backbone for interconnection of regional academic and military networks in the 1970s to enable resource shari ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
DNS Zone
A DNS zone is a specific portion of the DNS namespace in the Domain Name System (DNS), which is managed by a specific organization or administrator. A DNS zone is an administrative space that allows for more granular control of the DNS components, such as authoritative nameserver. The DNS is broken up into many different zones, which are distinctly managed areas in the DNS namespace. DNS zones are not necessarily physically separated from one another, however, a DNS zone can contain multiple subdomains and multiple zones can exist on the same server. The domain namespace of the Internet is organized into a hierarchical layout of subdomains below the DNS root domain. The individual domains of this tree may serve as delegation points for administrative authority and management. However, usually, it is furthermore desirable to implement fine-grained boundaries of delegation, so that multiple sub-levels of a domain may be managed independently. Therefore, the domain name space is ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Comparison Of DNS Server Software
This article presents a comparison of the features, platform support, and packaging of many independent implementations of Domain Name System (DNS) name server software. Servers compared Each of these DNS servers is an independent implementation of the DNS protocols, capable of resolving DNS names for other computers, publishing the DNS names of computers, or both. Excluded from consideration are single-feature DNS tools (such as proxies, filters, and firewalls) and redistributions of servers listed here (many products repackage BIND, for instance, with proprietary user interfaces). DNS servers are grouped into several categories of specialization of servicing domain name system queries. The two principal roles, which may be implemented either uniquely or combined in a given product are: * Authoritative server: authoritative name servers publish DNS mappings for domains under their ''authoritative'' control. Typically, a company (e.g. "Acme Example Widgets") would provide its ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
DNSSEC
The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not availability or confidentiality. Overview The original design of the Domain Name System did not include any security features. It was conceived only as a scalable distributed system. The Domain Name System Security Extensions (DNSSEC) attempt to add security, while maintaining backward compatibility. Request for Comments 3833 documents some of the known threats to the DNS, and their solutions in DNSSEC. DNSSEC was designed to protect applications using DNS from accepting forged or manipulated DNS data, such as that created by DNS cache poisoning. All answers from DNSSEC protected zones are digitally signed. By checking the d ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Split Horizon Route Advertisement
In computer networking, split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. The concept was suggested in 1974 by Torsten Cegrell, and originally implemented in the ARPANET-inspired Swedish network TIDAS. Terminology Here is some basic terminology: * Route poisoning: if a node N learns that its route to a destination D is unreachable, inform that to all nodes in the network by sending them a message stating that the distance from N to D, as perceived by N, is infinite. * Split horizon rule: if a node N uses interface I to transmit to a given destination D, N should not send through I new information about D. * Poison reverse rule: if a node N uses interface I to transmit to a given destination D, N sends through I the information that its cost-to-go to D is infinite. Whereas under split horizon N does not send any i ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
