RFC - 3658
Delegation Signer (DS) Resource Record (RR)
| Original: | ftp://ftp.isi.edu/in-notes/rfc3658.txt |
|---|---|
| Authors: | O. Gudmundsson [] |
| Date: | December 2003 |
| Category: | Informational |
| This specification has been !!! obsoleted !!! | |
| Obsoleted by: | |
|---|---|
| RFC-4035prop | Protocol Modifications for the DNS Security Extensions (Updated by RFC-4470prop) |
| RFC-4034prop | Resource Records for the DNS Security Extensions (Updated by RFC-4470prop) |
| RFC-4033prop | DNS Security Introduction and Requirements |
| Updates: | |
|---|---|
| RFC-3090 | DNS Security Extension Clarification on Zone Status (Obsoleted by RFC-4033prop, RFC-4035prop, RFC-4034prop) (Updated by RFC-3658) |
| RFC-3008 | Domain Name System Security (DNSSEC) Signing Authority (Obsoleted by RFC-4033prop, RFC-4035prop, RFC-4034prop) (Updated by RFC-3658) |
| RFC-2535 | Domain Name System Security Extensions (Obsoleted by RFC-4033prop, RFC-4035prop, RFC-4034prop) (Updated by RFC-3755, RFC-3757, RFC-3226prop, RFC-3658, RFC-3655, RFC-3007prop, RFC-3008, RFC-3845, RFC-3597prop, RFC-3445, RFC-3090, RFC-2931prop) |
| RFC-1035std13 [STD 13] |
Domain names - implementation and specification (Updated by RFC-1876exp, RFC-1348, RFC-4033prop, RFC-4035prop, RFC-4034prop, RFC-2308prop, RFC-2065, RFC-2845prop, RFC-2181prop, RFC-1995prop, RFC-1996prop, RFC-2535, RFC-4343prop, RFC-3658, RFC-1982prop, RFC-2136prop, RFC-3425prop, RFC-1101, RFC-1183exp, RFC-2137) |
| Updated by: | |
|---|---|
| RFC-3755 | Legacy Resolver Compatibility for Delegation Signer (DS) (Obsoleted by RFC-4033prop, RFC-4035prop, RFC-4034prop) (Updated by RFC-3757, RFC-3845) |
| Referred by: | 4 RFC |
| Refers to: | 9 RFC |
Status
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
The delegation signer (DS) resource record (RR) is inserted at a zone cut (i.e., a delegation point) to indicate that the delegated zone is digitally signed and that the delegated zone recognizes the indicated key as a valid zone key for the delegated zone. The DS RR is a modification to the DNS Security Extensions definition, motivated by operational considerations. The intent is to use this resource record as an explicit statement about the delegation, rather than relying on inference.
This document defines the DS RR, gives examples of how it is used and describes the implications on resolvers. This change is not backwards compatible with RFC 2535(-> 4035prop | 4034prop | 4033prop). This document updates RFC 1035std13, RFC 2535(-> 4035prop | 4034prop | 4033prop), RFC 3008(-> 4035prop | 4034prop | 4033prop) and RFC 3090(-> 4035prop | 4034prop | 4033prop).
-
prepared by Miloslav Nic
- the founder of Zvon.org and Law-Ref.org
- the head of B.Sc. program Informatics and chemistry [in Czech]
- the founder of Lidem.org - Volby 2006 - parliamentary elections in the Czech Republic [in Czech]
- the chief consultant of the publishing house ICT Press
- and Pavel Srb, a student of B.Sc. program Informatics and chemistry