Message Digest for DNS Zones
draft-wessels-dns-zone-digest-06

Document Type Replaced Internet-Draft (dnsop WG)
Last updated 2019-03-29 (latest revision 2019-02-13)
Replaced by draft-ietf-dnsop-dns-zone-digest
Stream IETF
Intended RFC status Experimental
Formats
Expired & archived
pdf htmlized bibtex
Stream WG state Adopted by a WG
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-dnsop-dns-zone-digest
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-wessels-dns-zone-digest-06.txt

Abstract

This document describes an experimental protocol and new DNS Resource Record that can be used to provide a message digest over DNS zone data. The ZONEMD Resource Record conveys the message digest data in the zone itself. When a zone publisher includes an ZONEMD record, recipients can verify the zone contents for accuracy and completeness. This provides assurance that received zone data matches published data, regardless of how the zone data has been transmitted and received. ZONEMD is not designed to replace DNSSEC. Whereas DNSSEC protects individual RRSets (DNS data with fine granularity), ZONEMD protects protects a zone's data as a whole, whether consumed by authoritative name servers, recursive name servers, or any other applications. As specified at this time, ZONEMD is not designed for use in large, dynamic zones due to the time and resources required for digest calculation. The ZONEMD record described in this document includes fields reserved for future work to support large, dynamic zones.

Authors

Duane Wessels (dwessels@verisign.com)
Piet Barber (pbarber@verisign.com)
Matt Weinberg (mweinberg@verisign.com)
Warren Kumari (warren@kumari.net)
Wes Hardaker (ietf@hardakers.net)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)