RFC 4986

Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover, August 2007

Canonical URL:
https://www.rfc-editor.org/rfc/rfc4986.txt
File formats:
Plain TextPDF
Status:
INFORMATIONAL
Authors:
H. Eland
R. Mundy
S. Crocker
S. Krishnaswamy
Stream:
IETF
Source:
dnsext (int)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC4986

Discuss this RFC: Send questions or comments to dnsext@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

Every DNS security-aware resolver must have at least one Trust Anchor to use as the basis for validating responses from DNS signed zones. For various reasons, most DNS security-aware resolvers are expected to have several Trust Anchors. For some operations, manual monitoring and updating of Trust Anchors may be feasible, but many operations will require automated methods for updating Trust Anchors in their security-aware resolvers. This document identifies the requirements that must be met by an automated DNS Trust Anchor rollover solution for security-aware DNS resolvers. This memo provides information for the Internet community.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader



Search RFCs
Advanced Search
×