RFC 2535: Domain Name System Security Extensions

Domain Name System Security Extensions


1. Overview of Contents
2. Overview of the DNS Extensions
2.1. Services Not Provided
2.2. Key Distribution
2.3. Data Origin Authentication and Integrity
2.3.1. The SIG Resource Record
2.3.2. Authenticating Name and Type Non-existence
2.3.3. Special Considerations With Time-to-Live
2.3.4. Special Considerations at Delegation Points
2.3.5. Special Considerations with CNAME
2.3.6. Signers Other Than The Zone
2.4. DNS Transaction and Request Authentication
3. The KEY Resource Record
3.1. KEY RDATA format
3.1.1. Object Types, DNS Names, and Keys
3.1.2. The KEY RR Flag Field
3.1.3. The Protocol Octet
3.2. The KEY Algorithm Number Specification
3.3. Interaction of Flags, Algorithm, and Protocol Bytes
3.4. Determination of Zone Secure/Unsecured Status
3.5. KEY RRs in the Construction of Responses
4. The SIG Resource Record
4.1. SIG RDATA Format
4.1.1. Type Covered Field
4.1.2. Algorithm Number Field
4.1.3. Labels Field
4.1.4. Original TTL Field
4.1.5. Signature Expiration and Inception Fields
4.1.6. Key Tag Field
4.1.7. Signer's Name Field
4.1.8. Signature Field
4.1.8.1. Calculating Transaction and Request SIGs
4.2. SIG RRs in the Construction of Responses
4.3. Processing Responses and SIG RRs
4.4. Signature Lifetime, Expiration, TTLs, and Validity
5. Non-existent Names and Types
5.1. The NXT Resource Record
5.2. NXT RDATA Format
5.3. Additional Complexity Due to Wildcards
5.4. Example
5.5. Special Considerations at Delegation Points
5.6. Zone Transfers
5.6.1. Full Zone Transfers
5.6.2. Incremental Zone Transfers
6. How to Resolve Securely and the AD and CD Bits
6.1. The AD and CD Header Bits
6.2. Staticly Configured Keys
6.3. Chaining Through The DNS
6.3.1. Chaining Through KEYs
6.3.2. Conflicting Data
6.4. Secure Time
7. ASCII Representation of Security RRs
7.1. Presentation of KEY RRs
7.2. Presentation of SIG RRs
7.3. Presentation of NXT RRs
8. Canonical Form and Order of Resource Records
8.1. Canonical RR Form
8.2. Canonical DNS Name Order
8.3. Canonical RR Ordering Within An RRset
8.4. Canonical Ordering of RR Types
9. Conformance
9.1. Server Conformance
9.2. Resolver Conformance
10. Security Considerations
11. IANA Considerations
12. References
13. Author's Address
14. Appendix A: Base 64 Encoding
15. Appendix B: Changes from RFC 2065
16. Appendix C: Key Tag Calculation
17. Full Copyright Statement
