Domain Name System Security Extensions



RFC 2065                DNS Security Extensions             January 1997


Acknowledgments

   The significant contributions of the following persons (in alphabetic
   order) to this document are gratefully acknowledged:

           Harald T. Alvestrand
           Madelyn Badger
           Scott Bradner
           Matt Crawford
           James M. Galvin
           Olafur Gudmundsson
           Edie Gunter
           Sandy Murphy
           Masataka Ohta
           Michael A. Patton
           Jeffrey I. Schiller

Table of Contents

   1. Overview of Contents....................................3
   2. Overview of the DNS Extensions..........................4
   2.1 Services Not Provided..................................4
   2.2 Key Distribution.......................................5
   2.3 Data Origin Authentication and Integrity...............5
   2.3.1 The SIG Resource Record..............................6
   2.3.2 Authenticating Name and Type Non-existence...........7
   2.3.3 Special Considerations With Time-to-Live.............7
   2.3.4 Special Considerations at Delegation Points..........7
   2.3.5 Special Considerations with CNAME RRs................8
   2.3.6 Signers Other Than The Zone..........................8
   2.4 DNS Transaction and Request Authentication.............8
   3. The KEY Resource Record.................................9
   3.1 KEY RDATA format......................................10
   3.2 Object Types, DNS Names, and Keys.....................10
   3.3 The KEY RR Flag Field.................................11
   3.4 The Protocol Octet....................................13
   3.5 The KEY Algorithm Number and the MD5/RSA Algorithm....13
   3.6 Interaction of Flags, Algorithm, and Protocol Bytes...14
   3.7 KEY RRs in the Construction of Responses..............15
   3.8 File Representation of KEY RRs........................16
   4. The SIG Resource Record................................16
   4.1 SIG RDATA Format......................................17
   4.1.1 Signature Data......................................19
   4.1.2 MD5/RSA Algorithm Signature Calculation.............20
   4.1.3 Zone Transfer (AXFR) SIG............................21
   4.1.4 Transaction and Request SIGs........................22
   4.2 SIG RRs in the Construction of Responses..............23
   4.3 Processing Responses and SIG RRs......................24



Eastlake & Kaufman          Standards Track