rfc-4035

Protocol Modifications for the DNS Security Extensions

R. Arends, R. Austein, M. Larson, D. Massey, S. Rose

date2005-03 streamIETF areaint wgdnsext statusPROPOSED STANDARD pages53 canonicalhttps://www.rfc-editor.org/rfc/rfc4035 doi10.17487/RFC4035 errataview

This document is part of a family of documents that describe the DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collection of new resource records and protocol modifications that add data origin authentication and data integrity to the DNS. This document describes the DNSSEC protocol modifications. This document defines the concept of a signed zone, along with the requirements for serving and resolving by using DNSSEC. These techniques allow a security-aware resolver to authenticate both DNS resource records and authoritative DNS error indications. This document obsoletes RFC 2535 and incorporates changes from all updates to RFC 2535. [STANDARDS-TRACK]

obsoletes

rfc-2535 — Domain Name System Security Extensions
rfc-3008 — Domain Name System Security (DNSSEC) Signing Authority
rfc-3090 — DNS Security Extension Clarification on Zone Status
rfc-3445 — Limiting the Scope of the KEY Resource Record (RR)
rfc-3655 — Redefinition of DNS Authenticated Data (AD) bit
rfc-3658 — Delegation Signer (DS) Resource Record (RR)
rfc-3755 — Legacy Resolver Compatibility for Delegation Signer (DS)
rfc-3757 — Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag
rfc-3845 — DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format

updated by

rfc-4470 — Minimally Covering NSEC Records and DNSSEC On-line Signing
rfc-6014 — Cryptographic Algorithm Identifier Allocation for DNSSEC
rfc-6840 — Clarifications and Implementation Notes for DNS Security (DNSSEC)
rfc-8198 — Aggressive Use of DNSSEC-Validated Cache
rfc-9077 — NSEC and NSEC3: TTLs and Aggressive Use
rfc-9520 — Negative Caching of DNS Resolution Failures
rfc-9824 — Compact Denial of Existence in DNSSEC

updates

rfc-1034 — Domain names - concepts and facilities
rfc-1035 — Domain names - implementation and specification
rfc-2136 — Dynamic Updates in the Domain Name System (DNS UPDATE)
rfc-2181 — Clarifications to the DNS Specification
rfc-2308 — Negative Caching of DNS Queries (DNS NCACHE)
rfc-3225 — Indicating Resolver Support of DNSSEC
rfc-3226 — DNSSEC and IPv6 A6 aware server/resolver message size requirements
rfc-3597 — Handling of Unknown DNS Resource Record (RR) Types