RFC - 2065
Domain Name System Security Extensions
| Original: | ftp://ftp.isi.edu/in-notes/rfc2065.txt |
|---|---|
| Authors: | D. Eastlake, 3rd [CyberCash], C. Kaufman [Iris] |
| Date: | January 1997 |
| Category: | Informational |
| This specification has been !!! obsoleted !!! | |
| Obsoleted by: | |
|---|---|
| RFC-2535 | Domain Name System Security Extensions (Obsoleted by RFC-4033prop, RFC-4035prop, RFC-4034prop) (Updated by RFC-3755, RFC-3757, RFC-3226prop, RFC-3658, RFC-3655, RFC-3007prop, RFC-3008, RFC-3845, RFC-3597prop, RFC-3445, RFC-3090, RFC-2931prop) |
| Updates: | |
|---|---|
| RFC-1035std13 [STD 13] |
Domain names - implementation and specification (Updated by RFC-1876exp, RFC-1348, RFC-4033prop, RFC-4035prop, RFC-4034prop, RFC-2308prop, RFC-2065, RFC-2845prop, RFC-2181prop, RFC-1995prop, RFC-1996prop, RFC-2535, RFC-4343prop, RFC-3658, RFC-1982prop, RFC-2136prop, RFC-3425prop, RFC-1101, RFC-1183exp, RFC-2137) |
| RFC-1034std13 [STD 13] |
Domain names - concepts and facilities (Updated by RFC-1876exp, RFC-1348, RFC-4033prop, RFC-4035prop, RFC-4034prop, RFC-2308prop, RFC-2065, RFC-2181prop, RFC-2535, RFC-4343prop, RFC-1982prop, RFC-4592prop, RFC-1101, RFC-1183exp) |
| Referred by: | 35 RFC |
| Refers to: | 10 RFC |
Status
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Abstract
The Domain Name System (DNS) has become a critical operational part of the Internet infrastructure yet it has no strong security mechanisms to assure data integrity or authentication. Extensions to the DNS are described that provide these services to security aware resolvers or applications through the use of cryptographic digital signatures. These digital signatures are included in secured zones as resource records. Security can still be provided even through non-security aware DNS servers in many cases.
The extensions also provide for the storage of authenticated public keys in the DNS. This storage of keys can support general public key distribution service as well as DNS security. The stored keys enable security aware resolvers to learn the authenticating key of zones in addition to those for which they are initially configured. Keys associated with DNS names can be retrieved to support other protocols. Provision is made for a variety of key types and algorithms.
In addition, the security extensions provide for the optional authentication of DNS protocol transactions. Acknowledgments
The significant contributions of the following persons (in alphabetic order) to this document are gratefully acknowledged:
Harald T. Alvestrand
Madelyn Badger
Scott Bradner
Matt Crawford
James M. Galvin
Olafur Gudmundsson
Edie Gunter
Sandy Murphy
Masataka Ohta
Michael A. Patton
Jeffrey I. Schiller
-
prepared by Miloslav Nic
- the founder of Zvon.org and Law-Ref.org
- the head of B.Sc. program Informatics and chemistry [in Czech]
- the founder of Lidem.org - Volby 2006 - parliamentary elections in the Czech Republic [in Czech]
- the chief consultant of the publishing house ICT Press
- and Pavel Srb, a student of B.Sc. program Informatics and chemistry