Delegation Signer (DS) Resource Record (RR), December 2003
- File formats:
- PROPOSED STANDARD
- Obsoleted by:
- RFC 4033, RFC 4034, RFC 4035
- RFC 3090, RFC 3008, RFC 2535, RFC 1035
- Updated by:
- RFC 3755
- O. Gudmundsson
- dnsext (int)
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
The delegation signer (DS) resource record (RR) is inserted at a zone cut (i.e., a delegation point) to indicate that the delegated zone is digitally signed and that the delegated zone recognizes the indicated key as a valid zone key for the delegated zone. The DS RR is a modification to the DNS Security Extensions definition, motivated by operational considerations. The intent is to use this resource record as an explicit statement about the delegation, rather than relying on inference. This document defines the DS RR, gives examples of how it is used and describes the implications on resolvers. This change is not backwards compatible with RFC 2535. This document updates RFC 1035, RFC 2535, RFC 3008 and RFC 3090.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.