Skip to main content

DNSSEC protected routing announcements for BGP

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Lutz Donnerhacke , Wouter Wijngaards
Last updated 2008-05-05 (Latest revision 2008-04-25)
RFC stream (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document describes an infrastructure for real time verification of routes reveived via BGP4. Some DNS query types are introduced to check the origin of a prefix and validity of the AS path. The crypto part can be offloaded from the routing engine by sending a DNS query and checking the AD bit in the DNS response. The proposal depends on the DNS scalability and caching mechanisms as well as PKI introduced by DNSSEC.


Lutz Donnerhacke
Wouter Wijngaards

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)