RFC 2535 (rfc2535) - Page 2 of 47
Domain Name System Security Extensions
Alternative Format: Original Text Document
RFC 2535 DNS Security Extensions March 1999
Acknowledgments
The significant contributions and suggestions of the following
persons (in alphabetic order) to DNS security are gratefully
acknowledged:
James M. Galvin
John Gilmore
Olafur Gudmundsson
Charlie Kaufman
Edward Lewis
Thomas Narten
Radia J. Perlman
Jeffrey I. Schiller
Steven (Xunhua) Wang
Brian Wellington
Table of Contents
Abstract...................................................1
Acknowledgments............................................2
1. Overview of Contents....................................4
2. Overview of the DNS Extensions..........................5
2.1 Services Not Provided..................................5
2.2 Key Distribution.......................................5
2.3 Data Origin Authentication and Integrity...............6
2.3.1 The SIG Resource Record..............................7
2.3.2 Authenticating Name and Type Non-existence...........7
2.3.3 Special Considerations With Time-to-Live.............7
2.3.4 Special Considerations at Delegation Points..........8
2.3.5 Special Considerations with CNAME....................8
2.3.6 Signers Other Than The Zone..........................9
2.4 DNS Transaction and Request Authentication.............9
3. The KEY Resource Record................................10
3.1 KEY RDATA format......................................10
3.1.1 Object Types, DNS Names, and Keys...................11
3.1.2 The KEY RR Flag Field...............................11
3.1.3 The Protocol Octet..................................13
3.2 The KEY Algorithm Number Specification................14
3.3 Interaction of Flags, Algorithm, and Protocol Bytes...15
3.4 Determination of Zone Secure/Unsecured Status.........15
3.5 KEY RRs in the Construction of Responses..............17
4. The SIG Resource Record................................17
4.1 SIG RDATA Format......................................17
4.1.1 Type Covered Field..................................18
4.1.2 Algorithm Number Field..............................18
4.1.3 Labels Field........................................18
4.1.4 Original TTL Field..................................19
Eastlake Standards Track