Posts

Showing posts from June, 2021

Is DHCPSEC a thing?

Dynamic Host Configuration Protocol (DHCP) and the Domain Name System (DNS) are both foundational IP network services, enabling devices to connect to networks (via automated DHCP address and parameter assignment) and to navigate networks (via DNS name-to-IP resolution). DNSSEC refers to DNS security extensions, which is an Internet standard for signing and validating digital signatures on DNS response data. This process requires the signature-validating resolver to possess a trusted key which validates the response data signature, and by so doing, authenticates the data as published by the domain administrator and affirms the integrity of the data as matching that which was published. A single trusted key can be used to validate the entire Internet name space, thanks to the DNSSEC "chain of trust" mirroring the immanent DNS domain hierarchy up to the root zone.  In the DHCP realm, there is no such hierarchy and a given mobile device could roam across multiple networks, each w