rfc-4033
DNS Security Introduction and Requirements
The Domain Name System Security Extensions (DNSSEC) add data origin authentication and data integrity to the Domain Name System. This document introduces these extensions and describes their capabilities and limitations. This document also discusses the services that the DNS security extensions do and do not provide. Last, this document describes the interrelationships between the documents that collectively describe DNSSEC. [STANDARDS-TRACK]
obsoletes
- rfc-2535 — Domain Name System Security Extensions
- rfc-3008 — Domain Name System Security (DNSSEC) Signing Authority
- rfc-3090 — DNS Security Extension Clarification on Zone Status
- rfc-3445 — Limiting the Scope of the KEY Resource Record (RR)
- rfc-3655 — Redefinition of DNS Authenticated Data (AD) bit
- rfc-3658 — Delegation Signer (DS) Resource Record (RR)
- rfc-3755 — Legacy Resolver Compatibility for Delegation Signer (DS)
- rfc-3757 — Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag
- rfc-3845 — DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format
updated by
- rfc-6014 — Cryptographic Algorithm Identifier Allocation for DNSSEC
- rfc-6840 — Clarifications and Implementation Notes for DNS Security (DNSSEC)
updates
- rfc-1034 — Domain names - concepts and facilities
- rfc-1035 — Domain names - implementation and specification
- rfc-2136 — Dynamic Updates in the Domain Name System (DNS UPDATE)
- rfc-2181 — Clarifications to the DNS Specification
- rfc-2308 — Negative Caching of DNS Queries (DNS NCACHE)
- rfc-3225 — Indicating Resolver Support of DNSSEC
- rfc-3226 — DNSSEC and IPv6 A6 aware server/resolver message size requirements
- rfc-3597 — Handling of Unknown DNS Resource Record (RR) Types