rfc-4034

Resource Records for the DNS Security Extensions

R. Arends, R. Austein, M. Larson, D. Massey, S. Rose

date2005-03 streamIETF areaint wgdnsext statusPROPOSED STANDARD pages29 canonicalhttps://www.rfc-editor.org/rfc/rfc4034 doi10.17487/RFC4034 errataview

This document is part of a family of documents that describe the DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collection of resource records and protocol modifications that provide source authentication for the DNS. This document defines the public key (DNSKEY), delegation signer (DS), resource record digital signature (RRSIG), and authenticated denial of existence (NSEC) resource records. The purpose and format of each resource record is described in detail, and an example of each resource record is given. This document obsoletes RFC 2535 and incorporates changes from all updates to RFC 2535. [STANDARDS-TRACK]

obsoletes

rfc-2535 — Domain Name System Security Extensions
rfc-3008 — Domain Name System Security (DNSSEC) Signing Authority
rfc-3090 — DNS Security Extension Clarification on Zone Status
rfc-3445 — Limiting the Scope of the KEY Resource Record (RR)
rfc-3655 — Redefinition of DNS Authenticated Data (AD) bit
rfc-3658 — Delegation Signer (DS) Resource Record (RR)
rfc-3755 — Legacy Resolver Compatibility for Delegation Signer (DS)
rfc-3757 — Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag
rfc-3845 — DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format

updated by

rfc-4470 — Minimally Covering NSEC Records and DNSSEC On-line Signing
rfc-6014 — Cryptographic Algorithm Identifier Allocation for DNSSEC
rfc-6840 — Clarifications and Implementation Notes for DNS Security (DNSSEC)
rfc-6944 — Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status
rfc-9077 — NSEC and NSEC3: TTLs and Aggressive Use
rfc-9824 — Compact Denial of Existence in DNSSEC
rfc-9905 — Deprecating the Use of SHA-1 in DNSSEC Signature Algorithms

updates

rfc-1034 — Domain names - concepts and facilities
rfc-1035 — Domain names - implementation and specification
rfc-2136 — Dynamic Updates in the Domain Name System (DNS UPDATE)
rfc-2181 — Clarifications to the DNS Specification
rfc-2308 — Negative Caching of DNS Queries (DNS NCACHE)
rfc-3225 — Indicating Resolver Support of DNSSEC
rfc-3226 — DNSSEC and IPv6 A6 aware server/resolver message size requirements
rfc-3597 — Handling of Unknown DNS Resource Record (RR) Types