Search RFCs
RFC 4641
DNSSEC Operational Practices,September 2006
- File formats:
- Status:
- INFORMATIONAL
- Obsoletes:
- RFC 2541
- Obsoleted by:
- RFC 6781
- Authors:
- O. Kolkman
R. Gieben - Stream:
- IETF
- Source:
- dnsop (ops)
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC4641
Discuss this RFC: Send questions or comments to the mailing listdnsop@ietf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 4641
Abstract
This document describes a set of practices for operating the DNS withsecurity extensions (DNSSEC). The target audience is zoneadministrators deploying DNSSEC.
The document discusses operational aspects of using keys andsignatures in the DNS. It discusses issues of key generation, keystorage, signature generation, key rollover, and related policies.
This document obsoletes RFC 2541, as it covers more operationalground and gives more up-to-date requirements with respect to keysizes and the new DNSSEC specification. This memo provides information for the Internet community.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.