RFC 3445

Limiting the Scope of the KEY Resource Record (RR), December 2002

Canonical URL:
File formats:
Plain TextPDF
Obsoleted by:
RFC 4033, RFC 4034, RFC 4035
RFC 2535
D. Massey
S. Rose
dnsext (int)

Cite this RFC: TXT  |  XML

DOI:  http://dx.doi.org/10.17487/RFC3445

Other actions: Find Errata (if any)  |  Submit Errata  |  Find IPR Disclosures from the IETF


This document limits the Domain Name System (DNS) KEY Resource Record (RR) to only keys used by the Domain Name System Security Extensions (DNSSEC). The original KEY RR used sub-typing to store both DNSSEC keys and arbitrary application keys. Storing both DNSSEC and application keys with the same record type is a mistake. This document removes application keys from the KEY record by redefining the Protocol Octet field in the KEY RR Data. As a result of removing application keys, all but one of the flags in the KEY record become unnecessary and are redefined. Three existing application key sub-types are changed to reserved, but the format of the KEY record is not changed. This document updates RFC 2535. [STANDARDS-TRACK]

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.

Download PDF Reader

Search RFCs
Advanced Search