RFC 3655

Redefinition of DNS Authenticated Data (AD) bit, November 2003

File formats:
icon for text file icon for PDF icon for HTML
Status:
PROPOSED STANDARD
Obsoleted by:
RFC 4033, RFC 4034, RFC 4035
Updates:
RFC 2535
Authors:
B. Wellington
O. Gudmundsson
Stream:
IETF
Source:
dnsext (int)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC3655

Discuss this RFC: Send questions or comments to the mailing list dnsext@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 3655


Abstract

This document alters the specification defined in RFC 2535. Based on implementation experience, the Authenticated Data (AD) bit in the DNS header is not useful. This document redefines the AD bit such that it is only set if all answers or records proving that no answers exist in the response has been cryptographically verified or otherwise meets the server's local security policy.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.




Advanced Search