Technical Summary
This document describes a set of practices for operating the DNS with
security extensions (DNSSEC). The target audience is DNS zone
administrators deploying DNSSEC.
The document discusses operational aspects of using keys and
signatures in the DNS. It elaborates on issues of key generation,
key storage, signature generation, key rollover, and related tasks.
Working Group Summary
The draft started as an updated version of RFC 4641 in 2009
and was updated through WG contributions up to
version -06 that got WGLC'ed in April 2011. Multiple
comments received during the WGLC as well as after this
were taken into account with the consent of the WG,
leading to version -12 as of today. No part of the document
was particularly contentious, as the draft primarily discusses
tradeoffs in favor of making recommendations. That means
reasonable dissenting views could be and are reflected
in the document.
Document Quality
This draft is a definitive improvement over RFC 4641, which
it strives to replace. Various TLD and other zones'
DNSSEC practices are in line with, or within the boundaries
of, this draft, which therefore reflects the collective wisdom
of those active operators who chose to contribute. The draft
received significant review within the WG as well as
attention outside the IETF.
Personnel
Peter Koch is the document shepherd, Ron Bonica is the responsible AD.