RFC 9157

Revised IANA Considerations for DNSSEC, December 2021

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Also available: XML file for editing
RFC 5155, RFC 6014, RFC 8624
P. Hoffman
dnsop (ops)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9157

Discuss this RFC: Send questions or comments to the mailing list dnsop@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9157


This document changes the review requirements needed to get DNSSEC algorithms and resource records added to IANA registries. It updates RFC 6014 to include hash algorithms for Delegation Signer (DS) records and NextSECure version 3 (NSEC3) parameters (for Hashed Authenticated Denial of Existence). It also updates RFCs 5155 and 6014, which have requirements for DNSSEC algorithms, and updates RFC 8624 to clarify the implementation recommendation related to the algorithms described in RFCs that are not on the standards track. The rationale for these changes is to bring the requirements for DS records and hash algorithms used in NSEC3 in line with the requirements for all other DNSSEC algorithms.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.

Advanced Search