RFC 2065: Domain Name System Security Extensions

Domain Name System Security Extensions


1. Overview of Contents
2. Overview of the DNS Extensions
2.1. Services Not Provided
2.2. Key Distribution
2.3. Data Origin Authentication and Integrity
2.3.1. The SIG Resource Record
2.3.2. Authenticating Name and Type Non-existence
2.3.3. Special Considerations With Time-to-Live
2.3.4. Special Considerations at Delegation Points
2.3.5. Special Considerations with CNAME RRs
2.3.6. Signers Other Than The Zone
2.4. DNS Transaction and Request Authentication
3. The KEY Resource Record
3.1. KEY RDATA format
3.2. Object Types, DNS Names, and Keys
3.3. The KEY RR Flag Field
3.4. The Protocol Octet
3.5. The KEY Algorithm Number and the MD5/RSA Algorithm
3.6. Interaction of Flags, Algorithm, and Protocol Bytes
3.7. KEY RRs in the Construction of Responses
3.8. File Representation of KEY RRs
4. The SIG Resource Record
4.1. SIG RDATA Format
4.1.1. Signature Data
4.1.2. MD5/RSA Algorithm Signature Calculation
4.1.3. Zone Transfer (AXFR) SIG
4.1.4. Transaction and Request SIGs
4.2. SIG RRs in the Construction of Responses
4.3. Processing Responses and SIG RRs
4.4. Signature Expiration, TTLs, and Validity
4.5. File Representation of SIG RRs
5. Non-existent Names and Types
5.1. The NXT Resource Record
5.2. NXT RDATA Format
5.3. Example
5.4. Interaction of NXT RRs and Wildcard RRs
5.5. Blocking NXT Pseudo-Zone Transfers
5.6. Special Considerations at Delegation Points
6. The AD and CD Bits and How to Resolve Securely
6.1. The AD and CD Header Bits
6.2. Boot File Format
6.3. Chaining Through Zones
6.4. Secure Time
7. Operational Considerations
7.1. Key Size Considerations
7.2. Key Storage
7.3. Key Generation
7.4. Key Lifetimes
7.5. Signature Lifetime
7.6. Root
8. Conformance
8.1. Server Conformance
8.2. Resolver Conformance
9. Security Considerations
10. References
11. Authors' Addresses
12. Appendix: Base 64 Encoding
