Domain Name System Security Extensions



RFC 2535                DNS Security Extensions               March 1999


Acknowledgments

   The significant contributions and suggestions of the following
   persons (in alphabetic order) to DNS security are gratefully
   acknowledged:

      James M. Galvin
      John Gilmore
      Olafur Gudmundsson
      Charlie Kaufman
      Edward Lewis
      Thomas Narten
      Radia J. Perlman
      Jeffrey I. Schiller
      Steven (Xunhua) Wang
      Brian Wellington

Table of Contents

   Abstract...................................................1
   Acknowledgments............................................2
   1. Overview of Contents....................................4
   2. Overview of the DNS Extensions..........................5
   2.1 Services Not Provided..................................5
   2.2 Key Distribution.......................................5
   2.3 Data Origin Authentication and Integrity...............6
   2.3.1 The SIG Resource Record..............................7
   2.3.2 Authenticating Name and Type Non-existence...........7
   2.3.3 Special Considerations With Time-to-Live.............7
   2.3.4 Special Considerations at Delegation Points..........8
   2.3.5 Special Considerations with CNAME....................8
   2.3.6 Signers Other Than The Zone..........................9
   2.4 DNS Transaction and Request Authentication.............9
   3. The KEY Resource Record................................10
   3.1 KEY RDATA format......................................10
   3.1.1 Object Types, DNS Names, and Keys...................11
   3.1.2 The KEY RR Flag Field...............................11
   3.1.3 The Protocol Octet..................................13
   3.2 The KEY Algorithm Number Specification................14
   3.3 Interaction of Flags, Algorithm, and Protocol Bytes...15
   3.4 Determination of Zone Secure/Unsecured Status.........15
   3.5 KEY RRs in the Construction of Responses..............17
   4. The SIG Resource Record................................17
   4.1 SIG RDATA Format......................................17
   4.1.1 Type Covered Field..................................18
   4.1.2 Algorithm Number Field..............................18
   4.1.3 Labels Field........................................18
   4.1.4 Original TTL Field..................................19



Eastlake                    Standards Track