Legacy Resolver Compatibility for Delegation Signer (DS), May 2004
- File formats:
- PROPOSED STANDARD
- Obsoleted by:
- RFC 4033, RFC 4034, RFC 4035
- RFC 3658, RFC 2535
- Updated by:
- RFC 3757, RFC 3845
- S. Weiler
- dnsext (int)
Discuss this RFC: Send questions or comments to email@example.com
As the DNS Security (DNSSEC) specifications have evolved, the syntax and semantics of the DNSSEC resource records (RRs) have changed. Many deployed nameservers understand variants of these semantics. Dangerous interactions can occur when a resolver that understands an earlier version of these semantics queries an authoritative server that understands the new delegation signer semantics, including at least one failure scenario that will cause an unsecured zone to be unresolvable. This document changes the type codes and mnemonics of the DNSSEC RRs (SIG, KEY, and NXT) to avoid those interactions. [STANDARDS-TRACK]
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.