RFC 2541 (rfc2541) - Page 1 of 7

DNS Security Operational Considerations

Network Working Group                                        D. Eastlake
Request for Comments: 2541                                           IBM
Category: Informational                                       March 1999


                DNS Security Operational Considerations

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   Secure DNS is based on cryptographic techniques.  A necessary part of
   the strength of these techniques is careful attention to the
   operational aspects of key and signature generation, lifetime, size,
   and storage.  In addition, special attention must be paid to the
   security of the high level zones, particularly the root zone.  This
   document discusses these operational aspects for keys and signatures
   used in connection with the KEY and SIG DNS resource records.

Acknowledgments

   The contributions and suggestions of the following persons (in
   alphabetic order) are gratefully acknowledged:

         John Gilmore
         Olafur Gudmundsson
         Charlie Kaufman
















Eastlake                     Informational