GB/T 33562-2017 English PDFUS$359.00 ยท In stock
Delivery: <= 4 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 33562-2017: Information security technology -- Secure domain name system deployment guide Status: Valid
Basic dataStandard ID: GB/T 33562-2017 (GB/T33562-2017)Description (Translated English): Information security technology -- Secure domain name system deployment guide Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.040 Word Count Estimation: 18,186 Date of Issue: 2017-05-12 Date of Implementation: 2017-12-01 Quoted Standard: GB/T 5271.8-2001; GB/T 5271.9-2001; GB/T 25069-2010; GB/T 33134-2016; YD/T 2137-2010; YD/T 2138-2010; YD/T 2140-2010; YD/T 2586-2013 Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China Summary: This standard specifies the DNS security technology guide for domain name system security extension protocol (DNSSec) deployment process, such as authoritative domain name system security, recursive domain name system security, DNS transaction security, and DNS data security. This standard applies to the domain name system within the organization of the domain name system security management personnel. GB/T 33562-2017: Information security technology -- Secure domain name system deployment guide---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.Information security technology - Secure domain name system deployment guide ICS 35.040 L80 National Standards of People's Republic of China Information Security Technology Security Domain Name System Implementation Guide 2017-05-12 released 2017-12-01 implementation General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China China National Standardization Management Committee released Directory Preface I Introduction II 1 Scope 1 2 normative reference document 1 3 Terms and definitions 1 4 acronym 4 5 DNS Security Technical Guide 5 5.1 Overview 5 5.2 Authoritative Domain Name System Security Guide 5 5.3 Recursive Domain Name System Security Guide 6 5.4 DNS Transaction Security Guide 6 5.5 DNS Data Security Guide 8 6 DNS Query/Response Security Guide (DNSSec Specification) 9 6.1 DNSSec mechanisms and operations 9 Generating Public and Private Key Pairs 6.3 Secure storage of private keys 10 6.4 Public key issuance and establishment of trust anchor 10 6.5 Signature and District Signature 10 6.6 key rotation 11 6.7 Creating Trust Chains and Signature Verification 11 Appendix A (informative) Specific BIND configuration commands 12 Reference 14 ForewordThis standard is drafted in accordance with the rules given in GB/T 1.1-2009. This standard is proposed by the National Information Security Standardization Technical Committee (SAC/TC260). The drafting of this standard. Shandong Institute of Standardization, China Internet Network Information Center, Tianjin Zhuolang Technology Development Co., Ltd., Qingdao Ethernet Technology Co., Ltd., Shenzhen Information Security Evaluation Center, Shenzhen Pingshan New Area Information Management Office, Changzhou rich country information Technology Co., Ltd., Liaoning Province Information Security and Software Evaluation and Certification Center, Qingdao University, Qingdao University of Science and Technology, Internet Domain Name System Beijing Engineering Research Center. The main drafters of this standard. Wang Shuguang, Wang Qingsheng, Gong Wei, Kui Yukai, Yao Jiankang, Liu Jie, Lin Minggui, Wang Wei, Wu Gang, Tang Zengli, Qiu Jianzhong, Li Wenhui, Tao Yiguo, Chen Duosi, Ding Feng, Yu Jia, Cheng Xiangguo, Liu Guozhu, Ma Di.IntroductionWith the development of network attack technology and the frequent occurrence of DNS vulnerabilities, the attacker has greatly shortened the hijacking DNS search process The time required for any step, so that the control of the session can be made faster to implement some kind of malicious operation. To eliminate this in the long run The only solution is to deploy the DNSSec protocol in an end-to-end form, that is, from the root zone to the final domain name. Are deployed DNSSec. Currently, DNSSec services have been deployed as root servers for the DNSSec trust chain. At the same time, with the industry on DNSSec Efforts to promote the top-level domain name management agencies have begun to deploy DNSSec services, but in the top-level domain under the secondary authority and recursive Domain support for DNSSec is relatively low. Although the domestic focus on the authority of the domain name server and the main recursive domain name server support for DNSSec Only 0.9% and 2.2%, but their support for DNSSec has improved significantly compared to the previous. This standard provides domain name system DNSSec deployment process for the authority of the domain name system security guide, recursive domain name system security guide, DNS Transaction Security Guide and DNS Data Security Guide DNS Security Technical Guide for DNSSec Deployment to Domain Name Domains Technical support and practice guidance. Information Security Technology Security Domain Name System Implementation Guide1 ScopeThis standard specifies the domain name system security extension protocol (DNSSec) deployment process authority domain name system security, recursive domain name system security Full, DNS transaction security, DNS data security and other DNS security technology guide. This standard applies to the domain name system within the organization of the domain name system security management personnel.2 normative reference documentsThe following documents are indispensable for the application of this document. For dated references, only the dated edition applies to this article Pieces. For undated references, the latest edition (including all modifications) applies to this document. Information technology - Vocabulary - Part 8. Security - GB/T 5271.8-2001 Information technology - Glossary - Part 9. Data communication GB/T 5271.9-2001 Information security technical terminology GB/T 25069-2010 Information security technology - Public domain name service system - Security requirements GB/T 33134-2016 Technical requirements for recursive server operation of domain name system YD/T Technical Requirements for Authoritative Server Operation of Domain Name System YD/T Technical Requirements for Security Framework of Domain Name Service YD/T 2586-2013 Domain Name Service System Security Extension (DNSSec) Protocol and Implementation Requirements3 terms and definitionsGB/T 5271.8-2001, GB/T 5271.9-2001, GB/T 25069-2010 The definitions and the following terms and definitions apply to This document. 3.1 Domain name system domainnamesystem A distributed Internet service system that maps domain names to certain predefined types of resource records (resourcerecord) Domain name server through mutual cooperation, the domain name will eventually be resolved to the corresponding resource records. 3.2 Namespace namespace A tree structure corresponding to a resource set (see Figure 1). ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 33562-2017_English be delivered?Answer: Upon your order, we will start to translate GB/T 33562-2017_English as soon as possible, and keep you informed of the progress. The lead time is typically 2 ~ 4 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 33562-2017_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 33562-2017_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
