Delegation Signer (DS) Resource Record (RR)
RFC 3658

Document type: RFC - Proposed Standard (December 2003)
Obsoleted by RFC 4033, RFC 4035, RFC 4034
Updated by RFC 3755
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 3658 (Proposed Standard)
Responsible AD: Thomas Narten
IESG Note: Please start last call.
Send notices to: <ogud@ogud.com>, <okolkman@ripe.net>

Network Working Group                                     O. Gudmundsson
Request for Comments: 3658                                 December 2003
Updates: 3090, 3008, 2535, 1035
Category: Standards Track

              Delegation Signer (DS) Resource Record (RR)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   The delegation signer (DS) resource record (RR) is inserted at a zone
   cut (i.e., a delegation point) to indicate that the delegated zone is
   digitally signed and that the delegated zone recognizes the indicated
   key as a valid zone key for the delegated zone.  The DS RR is a
   modification to the DNS Security Extensions definition, motivated by
   operational considerations.  The intent is to use this resource
   record as an explicit statement about the delegation, rather than
   relying on inference.

   This document defines the DS RR, gives examples of how it is used and
   describes the implications on resolvers.  This change is not
   backwards compatible with RFC 2535.  This document updates RFC 1035,
   RFC 2535, RFC 3008 and RFC 3090.

Gudmundsson                 Standards Track                     [Page 1]
RFC 3658      Delegation Signer (DS) Resource Record (RR)  December 2003

Table of Contents

   1.  Introduction. . . . . . . . . . . . . . . . . . . . . . . . .   3
       1.2.  Reserved Words. . . . . . . . . . . . . . . . . . . . .   4
   2.  Specification of the Delegation key Signer. . . . . . . . . .   4
       2.1.  Delegation Signer Record Model. . . . . . . . . . . . .   4
       2.2.  Protocol Change . . . . . . . . . . . . . . . . . . . .   5
             2.2.1.  RFC 2535 2.3.4 and 3.4: Special Considerations
                     at Delegation Points  . . . . . . . . . . . . .   6
                     2.2.1.1. Special processing for DS queries. . .   6
                     2.2.1.2. Special processing when child and an
                              ancestor share nameserver. . . . . . .   7
                     2.2.1.3. Modification on use of KEY RR in the
                              construction of Responses. . . . . . .   8
             2.2.2.  Signer's Name (replaces RFC3008 section 2.7). .   9
             2.2.3.  Changes to RFC 3090 . . . . . . . . . . . . . .   9
                     2.2.3.1. RFC 3090: Updates to section 1:
                              Introduction . . . . . . . . . . . . .   9
                     2.2.3.2. RFC 3090 section 2.1: Globally
                              Secured. . . . . . . . . . . . . . . .  10
                     2.2.3.3. RFC 3090 section 3: Experimental
                              Status . . . . . . . . . . . . . . . .  10
             2.2.4.  NULL KEY elimination. . . . . . . . . . . . . .  10
       2.3.  Comments on Protocol Changes. . . . . . . . . . . . . .  10
       2.4.  Wire Format of the DS record. . . . . . . . . . . . . .  11
             2.4.1.  Justifications for Fields . . . . . . . . . . .  12
       2.5.  Presentation Format of the DS Record. . . . . . . . . .  12
       2.6.  Transition Issues for Installed Base. . . . . . . . . .  12
             2.6.1.  Backwards compatibility with RFC 2535 and
                     RFC 1035. . . . . . . . . . . . . . . . . . . .  12
       2.7.  KEY and corresponding DS record example . . . . . . . .  13
   3.  Resolver. . . . . . . . . . . . . . . . . . . . . . . . . . .  14
       3.1.  DS Example. . . . . . . . . . . . . . . . . . . . . . .  14
       3.2.  Resolver Cost Estimates for DS Records. . . . . . . . .  15
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .  15
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  16
   6.  Intellectual Property Statement . . . . . . . . . . . . . . .  16
   7.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  17
   8.  References. . . . . . . . . . . . . . . . . . . . . . . . . .  17
       8.1.  Normative References. . . . . . . . . . . . . . . . . .  17
       8.2.  Informational References. . . . . . . . . . . . . . . .  17
   9.  Author's Address. . . . . . . . . . . . . . . . . . . . . . .  18
   10. Full Copyright Statement. . . . . . . . . . . . . . . . . . .  19


1.  Introduction
