%% You should probably cite rfc8976 instead of this I-D. @techreport{ietf-dnsop-dns-zone-digest-12, number = {draft-ietf-dnsop-dns-zone-digest-12}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-zone-digest/12/}, author = {Duane Wessels and Piet Barber and Matt Weinberg and Warren "Ace" Kumari and Wes Hardaker}, title = {{Message Digest for DNS Zones}}, pagetotal = 37, year = 2020, month = sep, day = 29, abstract = {This document describes a protocol and new DNS Resource Record that provides a cryptographic message digest over DNS zone data. The ZONEMD Resource Record conveys the digest data in the zone itself. When a zone publisher includes a ZONEMD record, recipients can verify the zone contents for accuracy and completeness. This provides assurance that received zone data matches published data, regardless of how the zone data has been transmitted and received. ZONEMD does not replace DNSSEC. Whereas DNSSEC protects individual RRSets (DNS data with fine granularity), ZONEMD protects a zone's data as a whole, whether consumed by authoritative name servers, recursive name servers, or any other applications. As specified herein, ZONEMD is impractical for large, dynamic zones due to the time and resources required for digest calculation. However, The ZONEMD record is extensible so that new digest schemes may be added in the future to support large, dynamic zones.}, }