Publicação
Atualização Automática dos registos DS (Delegation Signer) em domínios .pt
| dc.contributor.author | Salvado, Carolina Alexandra Adrião | |
| dc.contributor.institution | Faculdade de Ciências | |
| dc.contributor.institution | Departamento de Informática | |
| dc.contributor.supervisor | Cecílio, José Manuel da Silva | |
| dc.date.accessioned | 2026-01-19T12:45:02Z | |
| dc.date.available | 2026-01-19T12:45:02Z | |
| dc.date.issued | 2025 | |
| dc.description | Trabalho de Projeto de Mestrado, Segurança Informática, 2025, Universidade de Lisboa, Faculdade de Ciências | |
| dc.description.abstract | DNSSEC (Domain Name System Security Extensions) is a critical extension to the DNS protocol designed to ensure the integrity and authenticity of the Domain Name System data. By protecting against attacks such as cache poisoning and man-in-the-middle, DNSSEC significantly enhances the security and trustworthiness of Internet communications. However, the manual management of DS (Delegation Signer) records remains a barrier to widespread adoption, particularly in the context of .pt domains, where the lack of automated mechanisms complicates maintaining the trust chain between zones. This project proposes and implements a technical solution for the automated update of DS records in the .pt zone, aiming to facilitate DNSSEC adoption and strengthen the resilience of the DNS ecosystem in Portugal. The approach is based on CDS/CDNSKEY methodologies and DNSSEC Bootstrapping, and was designed by analyzing best practices from other top-level domains (TLDs), such as .ch, .se, and .cz, and adapting them to the Portuguese operational context. The architecture comprises three main modules, which sequentially perform domain filtering, DNSSEC record consistency checks, and cryptographic validation before DS record publication. The system uses relational databases to store and track domain states over time, ensuring persistence, traceability, and support for automated decision-making. Throughout development, three distinct implementation variants were explored: a simple version for initial testing and functional validation, a distributed architecture utilizing Redis for large-scale processing, and a threadingbased approach for parallel execution in resource-constrained environments. These variations enabled the evaluation of different execution strategies, the identification of limitations, and the optimization of performance. Experimental evaluation focused on execution efficiency and resilience to distinct conditions, demonstrating that the proposed solution operates securely, scalably, and adaptively. The automation simplifies DNSSEC activation for domain holders and improves operational efficiency for the .pt registry. This project contributes to advancing cybersecurity in Portugal by promoting trust in DNS infrastructure and encouraging broader adoption of DNSSEC. | en |
| dc.format | application/pdf | |
| dc.identifier.tid | 204174848 | |
| dc.identifier.uri | http://hdl.handle.net/10400.5/116695 | |
| dc.language.iso | por | |
| dc.subject | DNSSEC | |
| dc.subject | CDS/CDNSKEY | |
| dc.subject | DNSSEC Bootstrapping | |
| dc.subject | DNSSEC Automation | |
| dc.subject | Delegation Signer | |
| dc.title | Atualização Automática dos registos DS (Delegation Signer) em domínios .pt | pt |
| dc.type | master thesis | |
| dspace.entity.type | Publication | |
| rcaap.rights | openAccess |
Ficheiros
Principais
1 - 1 de 1
A carregar...
- Nome:
- TM_Carolina_Salvado.pdf
- Tamanho:
- 598.31 KB
- Formato:
- Adobe Portable Document Format