Secure Domain Name System (DNS) Dynamic Update

Document Type Expired Internet-Draft (dnssec WG)
Last updated 1998-08-06
Stream IETF
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Revised Domain Name System (DNS) protocol extensions to authenticate the data in DNS and provide key distribution services have been defined in draft-ietf-dnssec-secext2-*.txt, which obsoletes the original DNS security protocol definition in RFC 2065. In addition, symetric key DNS transaction signatures have been defined in draft- ietf-dnsind-tsig-*.txt. Secure DNS Dynamic Update operations were also been defined [RFC 2137] in connection RFC 2065. This document updates secure dynamic update in light of draft-ietf-dnssec-secext2- *.txt and draft-ietf-dnsind-tsig-*.txt. It describes how to use digital signatures covering requests and data to secure updates and restrict updates to those authorized to perform them as indicated by the updater's possession of cryptographic keys.


Donald Eastlake (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)