Skip to main content

DNSSEC Opt-in for Large Zones
draft-kosters-dnsext-dnssec-opt-in-01

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Mark Kosters
Last updated 2001-03-06
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

In order for DNSSEC to be deployed operationally with large zones and little operational impact, there needs to be included a mechanism that allows for the separation of secure versus unsecure views of zones. This needs to be done in a transparent fashion that allows DNSSEC to be deployed in an incremental manner. This document proposes the use of an extended RCODE to signify that a DNSSEC-aware requestor may have to re-query for the information, if and only if, the delegation is not yet secure. Thus, one can maintain two views of the zone and expand the DNSSEC zone as demand warrants.

Authors

Mark Kosters

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)