database logo graphic

RFC 5155

"DNS Security (DNSSEC) Hashed Authenticated Denial of Existence", March 2008

Canonical URL:
http://www.rfc-editor.org/rfc/rfc5155.txt
This document is also available in this non-normative format: PDF.
Status:
PROPOSED STANDARD
Updated by:
RFC 6840, RFC 6944
Authors:
B. Laurie
G. Sisson
R. Arends
D. Blacka
Stream:
IETF
Source:
dnsext (int)

Cite this RFC: TXT  |  XML

Other actions: Find Errata (if any)  |  Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

The Domain Name System Security (DNSSEC) Extensions introduced the NSEC resource record (RR) for authenticated denial of existence. This document introduces an alternative resource record, NSEC3, which similarly provides authenticated denial of existence. However, it also provides measures against zone enumeration and permits gradual expansion of delegation-centric zones. [STANDARDS-TRACK]


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Go to the RFC Editor Homepage.