Knowledge Base

About confidentiality vs. authentication?

Within the context of DNS, security only refers to authentication, not confidentiality. DNSSEC extends DNS so that resolvers can receive provably correct information. DNS itself (the protocol, not necessarily all implementations) has no way of hiding data – a query can originate from any host, and any host will receive the same answer to the same query. Access control is not part of DNS, and it is not part of DNSSEC. Information designed for private viewing should not be stored in DNS.

Was this article helpful?