STD 93

RFC 8945

Secret Key Transaction Authentication for DNS (TSIG), November 2020

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Status:
INTERNET STANDARD
Obsoletes:
RFC 2845, RFC 4635
Authors:
F. Dupont
S. Morris
P. Vixie
D. Eastlake 3rd
O. Gudmundsson
B. Wellington
Stream:
IETF
Source:
dnsop (ops)

Cite this STD: TXT

Discuss this RFC: Send questions or comments to iesg@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document describes a protocol for transaction-level authentication using shared secrets and one-way hashing. It can be used to authenticate dynamic updates to a DNS zone as coming from an approved client or to authenticate responses as coming from an approved name server.

No recommendation is made here for distributing the shared secrets; it is expected that a network administrator will statically configure name servers and clients using some out-of-band mechanism.

This document obsoletes RFCs 2845 and 4635.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.


Download PDF Reader