RFC 4641

DNSSEC Operational Practices, September 2006

Canonical URL:
https://www.rfc-editor.org/rfc/rfc4641.txt
File formats:
Plain TextPDF
Status:
INFORMATIONAL
Obsoletes:
RFC 2541
Obsoleted by:
RFC 6781
Authors:
O. Kolkman
R. Gieben
Stream:
IETF
Source:
dnsop (ops)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC4641

Discuss this RFC: Send questions or comments to dnsop@ietf.org

Other actions: View Errata  |  Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document describes a set of practices for operating the DNS with security extensions (DNSSEC). The target audience is zone administrators deploying DNSSEC. The document discusses operational aspects of using keys and signatures in the DNS. It discusses issues of key generation, key storage, signature generation, key rollover, and related policies. This document obsoletes RFC 2541, as it covers more operational ground and gives more up-to-date requirements with respect to key sizes and the new DNSSEC specification. This memo provides information for the Internet community.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader