Domain Name System Security Extensions
RFC 2065 DNS Security Extensions January 1997
4.4 Signature Expiration, TTLs, and Validity..............24
4.5 File Representation of SIG RRs........................25
5. Non-existent Names and Types...........................26
5.1 The NXT Resource Record...............................26
5.2 NXT RDATA Format......................................27
5.3 Example...............................................28
5.4 Interaction of NXT RRs and Wildcard RRs...............28
5.5 Blocking NXT Pseudo-Zone Transfers....................29
5.6 Special Considerations at Delegation Points...........29
6. The AD and CD Bits and How to Resolve Securely.........30
6.1 The AD and CD Header Bits.............................30
6.2 Boot File Format......................................32
6.3 Chaining Through Zones................................32
6.4 Secure Time...........................................33
7. Operational Considerations.............................33
7.1 Key Size Considerations...............................34
7.2 Key Storage...........................................34
7.3 Key Generation........................................35
7.4 Key Lifetimes.........................................35
7.5 Signature Lifetime....................................36
7.6 Root..................................................36
8. Conformance............................................36
8.1 Server Conformance....................................36
8.2 Resolver Conformance..................................37
9. Security Considerations................................37
References................................................38
Authors' Addresses........................................39
Appendix: Base 64 Encoding................................40
1. Overview of Contents
This document describes extensions of the Domain Name System (DNS)
protocol to support DNS security and public key distribution. It
assumes that the reader is familiar with the Domain Name System,
particularly as described in RFCs 1033, 1034, and 1035.
Section 2 provides an overview of the extensions and the key
distribution, data origin authentication, and transaction and request
security they provide.
Section 3 discusses the KEY resource record, its structure, use in
DNS responses, and file representation. These resource records
represent the public keys of entities named in the DNS and are used
for key distribution.
Eastlake & Kaufman Standards Track