Skip to main content

Message Digest for DNS Zones
RFC 8976

Revision differences

Document history

Date By Action
2021-04-30
Bernie Volz Closed request for Telechat review by INTDIR with state 'Overtaken by Events'
2021-02-12
(System) IANA registries were updated to include RFC8976
2021-02-11
(System) Received changes through RFC Editor sync (added Errata tag)
2021-02-09
(System)
Received changes through RFC Editor sync (created alias RFC 8976, changed abstract to 'This document describes a protocol and new DNS Resource Record that …
Received changes through RFC Editor sync (created alias RFC 8976, changed abstract to 'This document describes a protocol and new DNS Resource Record that provides a cryptographic message digest over DNS zone data at rest. The ZONEMD Resource Record conveys the digest data in the zone itself. When used in combination with DNSSEC, ZONEMD allows recipients to verify the zone contents for data integrity and origin authenticity. This provides assurance that received zone data matches published data, regardless of how the zone data has been transmitted and received. When used without DNSSEC, ZONEMD functions as a checksum, guarding only against unintentional changes.

ZONEMD does not replace DNSSEC: DNSSEC protects individual RRsets (DNS data with fine granularity), whereas ZONEMD protects a zone's data as a whole, whether consumed by authoritative name servers, recursive name servers, or any other applications.

As specified herein, ZONEMD is impractical for large, dynamic zones due to the time and resources required for digest calculation. However, the ZONEMD record is extensible so that new digest schemes may be added in the future to support large, dynamic zones.', changed pages to 31, changed standardization level to Proposed Standard, changed state to RFC, added RFC published event at 2021-02-09, changed IESG state to RFC Published)
2021-02-09
(System) RFC published