Sign in
Version 5.13.0, 2015-03-25
Report a bug

Secure parent-child DNS update use cases

Document type: Expired Internet-Draft (individual)
Document stream: No stream defined
Last updated: 2013-01-10 (latest revision 2012-07-09)
Intended RFC status: Unknown
Other versions: (expired, archived): plain text, pdf, html

Stream State:No stream defined
Document shepherd: No shepherd assigned

IESG State: Expired
Responsible AD: (None)
Send notices to: No addresses provided

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found here:


DNS zone administrators occasionally need to update data published by a parent zone, such as NS and DS records. Traditionally these updates have happened out-of-band: through DNS registrar interfaces, EPP, websites, or manually by operators. Some updates could also be done using DNS Dynamic Update [RFC2136]. The IETF's DNSOP working group is considering proposing additional mechanisms for such updates, possibly leveraging DNSSEC for authentication. This document presents some use cases to drive this design work.


Paul Wouters <>

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)