RFC 3655
Redefinition of DNS Authenticated Data (AD) bit, November 2003
- File formats:
- Status:
- PROPOSED STANDARD
- Obsoleted by:
- RFC 4033, RFC 4034, RFC 4035
- Updates:
- RFC 2535
- Authors:
- B. Wellington
O. Gudmundsson - Stream:
- IETF
- Source:
- dnsext (int)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC3655
Discuss this RFC: Send questions or comments to the mailing list dnsext@ietf.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 3655
Abstract
This document alters the specification defined in RFC 2535. Based on implementation experience, the Authenticated Data (AD) bit in the DNS header is not useful. This document redefines the AD bit such that it is only set if all answers or records proving that no answers exist in the response has been cryptographically verified or otherwise meets the server's local security policy.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.