RFC 2065 (rfc2065) - Page 2 of 41
Domain Name System Security Extensions
RFC 2065 DNS Security Extensions January 1997

Acknowledgments

The significant contributions of the following persons (in alphabetic
order) to this document are gratefully acknowledged:
Harald T. Alvestrand
Madelyn Badger
Scott Bradner
Matt Crawford
James M. Galvin
Olafur Gudmundsson
Edie Gunter
Sandy Murphy
Masataka Ohta
Michael A. Patton
Jeffrey I. Schiller

Table of Contents

1. Overview of Contents....................................3
2. Overview of the DNS Extensions.........................4
2.1 Services Not Provided..................................4
2.2 Key Distribution.......................................5
2.3 Data Origin Authentication and Integrity...............5
2.3.1 The SIG Resource Record..............................6
2.3.2 Authenticating Name and Type Non-existence...........7
2.3.3 Special Considerations With Time-to-Live.............7
2.3.4 Special Considerations at Delegation Points..........7
2.3.5 Special Considerations with CNAME RRs................8
2.3.6 Signers Other Than The Zone..........................8
2.4 DNS Transaction and Request Authentication.............8
3. The KEY Resource Record.................................9
3.1 KEY RDATA format......................................10
3.2 Object Types, DNS Names, and Keys.....................10
3.3 The KEY RR Flag Field.................................11
3.4 The Protocol Octet....................................13
3.5 The KEY Algorithm Number and the MD5/RSA Algorithm....13
3.6 Interaction of Flags, Algorithm, and Protocol Bytes...14
3.7 KEY RRs in the Construction of Responses..............15
3.8 File Representation of KEY RRs........................16
4. The SIG Resource Record................................16
4.1 SIG RDATA Format......................................17
4.1.1 Signature Data......................................19
4.1.2 MD5/RSA Algorithm Signature Calculation.............20
4.1.3 Zone Transfer (AXFR) SIG............................21
4.1.4 Transaction and Request SIGs........................22
4.2 SIG RRs in the Construction of Responses..............23
4.3 Processing Responses and SIG RRs......................24
Eastlake & Kaufman Standards Track