RFC - 3755
Legacy Resolver Compatibility for Delegation Signer (DS)
| Obsoleted by: |
| RFC-4035prop |
Protocol Modifications for the DNS Security Extensions (Updated by RFC-4470prop)
|
| RFC-4034prop |
Resource Records for the DNS Security Extensions (Updated by RFC-4470prop)
|
| RFC-4033prop |
DNS Security Introduction and Requirements |
| Updates: |
| RFC-3658 |
Delegation Signer (DS) Resource Record (RR) (Obsoleted by RFC-4033prop, RFC-4035prop, RFC-4034prop) (Updated by RFC-3755)
|
| RFC-2535 |
Domain Name System Security Extensions (Obsoleted by RFC-4033prop, RFC-4035prop, RFC-4034prop) (Updated by RFC-3755, RFC-3757, RFC-3226prop, RFC-3658, RFC-3655, RFC-3007prop, RFC-3008, RFC-3845, RFC-3597prop, RFC-3445, RFC-3090, RFC-2931prop)
|
| Referred by: |
4 RFC |
| Refers to: |
12 RFC |
Status
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract
As the DNS Security (DNSSEC) specifications have evolved, the syntax
and semantics of the DNSSEC resource records (RRs) have changed.
Many deployed nameservers understand variants of these semantics.
Dangerous interactions can occur when a resolver that understands an
earlier version of these semantics queries an authoritative server
that understands the new delegation signer semantics, including at
least one failure scenario that will cause an unsecured zone to be
unresolvable. This document changes the type codes and mnemonics of
the DNSSEC RRs (SIG, KEY, and NXT) to avoid those interactions.
