1. Introduction

   This document introduces the Domain Name System Security Extensions
   (DNSSEC).  This document and its two companion documents ([RFC4034]
   and [RFC4035]) update, clarify, and refine the security extensions
   defined in [RFC2535] and its predecessors.  These security extensions
   consist of a set of new resource record types and modifications to
   the existing DNS protocol ([RFC1035]).  The new records and protocol
   modifications are not fully described in this document, but are
   described in a family of documents outlined in Section 10.  Sections
   3 and 4 describe the capabilities and limitations of the security
   extensions in greater detail.  Section 5 discusses the scope of the
   document set.  Sections 6, 7, 8, and 9 discuss the effect that these
   security extensions will have on resolvers, stub resolvers, zones,
   and name servers.

   This document and its two companions obsolete [RFC2535], [RFC3008],
   [RFC3090], [RFC3445], [RFC3655], [RFC3658], [RFC3755], [RFC3757], and
   [RFC3845].  This document set also updates but does not obsolete
   [RFC1034], [RFC1035], [RFC2136], [RFC2181], [RFC2308], [RFC3225],
   [RFC3007], [RFC3597], and the portions of [RFC3226] that deal with
   DNSSEC.

   The DNS security extensions provide origin authentication and
   integrity protection for DNS data, as well as a means of public key
   distribution.  These extensions do not provide confidentiality.