2005
DOI: 10.17487/rfc4035
|View full text |Cite
|
Sign up to set email alerts
|

Protocol Modifications for the DNS Security Extensions

Abstract: This document is part of a family of documents that describe the DNS Security Extensions (DNSSEC). The DNS Security Extensions are a collection of new resource records and protocol modifications that add data origin authentication and data integrity to the DNS. This document describes the DNSSEC protocol modifications. This document defines the concept of a signed zone, along with the requirements for serving and resolving by using DNSSEC. These techniques allow a security-aware resolver to authenticate both D… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
241
0
2

Year Published

2005
2005
2017
2017

Publication Types

Select...
6
2

Relationship

0
8

Authors

Journals

citations
Cited by 248 publications
(250 citation statements)
references
References 5 publications
0
241
0
2
Order By: Relevance
“…Scaling Concerns 3.1. Implement a BAD Cache Section 4.7 of [RFC4035] permits security-aware resolvers to implement a BAD cache. That guidance has changed: security-aware resolvers SHOULD implement a BAD cache as described in [RFC4035].…”
Section: Sha-2 Supportmentioning
confidence: 99%
See 2 more Smart Citations
“…Scaling Concerns 3.1. Implement a BAD Cache Section 4.7 of [RFC4035] permits security-aware resolvers to implement a BAD cache. That guidance has changed: security-aware resolvers SHOULD implement a BAD cache as described in [RFC4035].…”
Section: Sha-2 Supportmentioning
confidence: 99%
“…Section 5.4 of [RFC4035] under-specifies the algorithm for checking nonexistence proofs. In particular, the algorithm as presented would allow a validator to interpret an NSEC or NSEC3 RR from an ancestor zone as proving the nonexistence of an RR in a child zone.…”
Section: Clarifications On Nonexistence Proofsmentioning
confidence: 99%
See 1 more Smart Citation
“…DNSSEC, which is broadly defined in [RFC4033], [RFC4034], and [RFC4035], uses cryptographic keys and digital signatures to provide authentication of DNS data. Currently, the most popular signature algorithm in use is RSA.…”
Section: Introductionmentioning
confidence: 99%
“…The Domain Name System Security Extensions (DNSSEC), as described in [2], [3], and [4], define new records and protocol modifications to DNS that permit security-aware resolvers to validate DNS Resource Records (RRs) from one or more Trust Anchors held by such securityaware resolvers.…”
Section: Introductionmentioning
confidence: 99%