Secure Domain Name System Dynamic Update (RFC2137)

IP.com Disclosure Number: IPCOM000002692D
Original Publication Date: 1997-Apr-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 9 page(s) / 23K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Eastlake: AUTHOR

Abstract

Domain Name System (DNS) protocol extensions have been defined to authenticate the data in DNS and provide key distribution services [RFC2065]. DNS Dynamic Update operations have also been defined [RFC2136], but without a detailed description of security for the update operation. This memo describes how to use DNSSEC digital signatures covering requests and data to secure updates and restrict updates to those authorized to perform them as indicated by the updater's possession of cryptographic keys.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 13% of the total text.

Network Working Group                                     D. Eastlake 3rd
Request for Comments: 2137                                CyberCash, Inc.
Updates: 1035                                                  April 1997
Category: Standards Track

Secure Domain Name System Dynamic Update

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

Domain Name System (DNS) protocol extensions have been defined to authenticate the data in DNS and provide key distribution services [RFC2065]. DNS Dynamic Update operations have also been defined [RFC2136], but without a detailed description of security for the update operation. This memo describes how to use DNSSEC digital signatures covering requests and data to secure updates and restrict updates to those authorized to perform them as indicated by the updater's possession of cryptographic keys.

Acknowledgements

The contributions of the following persons (who are listed in alphabetic order) to this memo are gratefully acknowledged:

Olafur Gudmundsson <ogud@tis.com>
Charlie Kaufman
Stuart Kwan
Edward Lewis

Table of Contents

1. Introduction
   1.1 Overview of DNS Dynamic Update
   1.2 Overview of DNS Security
2. Two Basic Modes
3. Keys
   3.1 Update Keys
       3.1.1 Update Key Name Scope
       3.1.2 Update Key Class Scope
       3.1.3 Update Key Signatory Field
   3.2 Zone Keys and Update Modes
   3.3 Wildcard Key Punch Through
4. Update Signatures
   4.1 Update Request Signatures
   4.2 Update Data Signatures
5. Security Considerations
References
Author's Address

1. Introduction

Dynamic update operations have been defined for the Domain Name System (DNS) in RFC 2136, but without a detailed description of security for those updates. Means of securing the DNS and using it for key distribution have been defined in RFC 2065.

This memo proposes techniques based on the defined DNS security mechanisms to...