Threat Analysis of the Domain Name System (DNS), August 2004
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
Although the DNS Security Extensions (DNSSEC) have been under development for most of the last decade, the IETF has never written down the specific set of threats against which DNSSEC is designed to protect. Among other drawbacks, this cart-before-the-horse situation has made it difficult to determine whether DNSSEC meets its design goals, since its design goals are not well specified. This note attempts to document some of the known threats to the DNS, and, in doing so, attempts to measure to what extent (if any) DNSSEC is a useful tool in defending against these threats. This memo provides information for the Internet community.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.