Domain Name System Security Extensions




Network Working Group                                         D. Eastlake
Request for Comments: 2535                                            IBM
Obsoletes: 2065                                                March 1999
Updates: 2181, 1035, 1034
Category: Standards Track

                 Domain Name System Security Extensions

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   Extensions to the Domain Name System (DNS) are described that provide
   data integrity and authentication to security aware resolvers and
   applications through the use of cryptographic digital signatures.
   These digital signatures are included in secured zones as resource
   records.  Security can also be provided through non-security aware
   DNS servers in some cases.

   The extensions provide for the storage of authenticated public keys
   in the DNS.  This storage of keys can support general public key
   distribution services as well as DNS security.  The stored keys
   enable security aware resolvers to learn the authenticating key of
   zones in addition to those for which they are initially configured.
   Keys associated with DNS names can be retrieved to support other
   protocols.  Provision is made for a variety of key types and
   algorithms.

   In addition, the security extensions provide for the optional
   authentication of DNS protocol transactions and requests.

   This document incorporates feedback on RFC 2065 from early
   implementers and potential users.








Eastlake                    Standards Track