RFC 3658

Delegation Signer (DS) Resource Record (RR), December 2003

File formats:
icon for text file icon for PDF icon for HTML
Obsoleted by:
RFC 4033, RFC 4034, RFC 4035
RFC 3090, RFC 3008, RFC 2535, RFC 1035
Updated by:
RFC 3755
O. Gudmundsson
dnsext (int)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC3658

Discuss this RFC: Send questions or comments to the mailing list dnsext@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 3658


The delegation signer (DS) resource record (RR) is inserted at a zone cut (i.e., a delegation point) to indicate that the delegated zone is digitally signed and that the delegated zone recognizes the indicated key as a valid zone key for the delegated zone. The DS RR is a modification to the DNS Security Extensions definition, motivated by operational considerations. The intent is to use this resource record as an explicit statement about the delegation, rather than relying on inference. This document defines the DS RR, gives examples of how it is used and describes the implications on resolvers. This change is not backwards compatible with RFC 2535. This document updates RFC 1035, RFC 2535, RFC 3008 and RFC 3090.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.

Advanced Search