File formats:

Status:

PROPOSED STANDARD

Obsoleted by:

RFC 4033, RFC 4034, RFC 4035

Updates:

RFC 3658, RFC 2535

Updated by:

RFC 3757, RFC 3845

Author:

S. Weiler

Stream:

IETF

Source:

dnsext (int)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC3755

Discuss this RFC: Send questions or comments to the mailing list dnsext@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 3755

Abstract

As the DNS Security (DNSSEC) specifications have evolved, the syntax and semantics of the DNSSEC resource records (RRs) have changed. Many deployed nameservers understand variants of these semantics. Dangerous interactions can occur when a resolver that understands an earlier version of these semantics queries an authoritative server that understands the new delegation signer semantics, including at least one failure scenario that will cause an unsecured zone to be unresolvable. This document changes the type codes and mnemonics of the DNSSEC RRs (SIG, KEY, and NXT) to avoid those interactions. [STANDARDS-TRACK]

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.