Search RFCs
RFC 5452
Measures for Making DNS More Resilient against Forged Answers,January 2009
- File formats:
- Status:
- PROPOSED STANDARD
- Updates:
- RFC 2181
- Authors:
- A. Hubert
R. van Mook - Stream:
- IETF
- Source:
- dnsext (int)
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC5452
Discuss this RFC: Send questions or comments to the mailing listdnsext@ietf.org
Other actions:Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 5452
Abstract
The current Internet climate poses serious threats to the Domain NameSystem. In the interim period before the DNS protocol can be securedmore fully, measures can already be taken to harden the DNS to make'spoofing' a recursing nameserver many orders of magnitude harder.
Even a cryptographically secured DNS benefits from having the abilityto discard bogus responses quickly, as this potentially saves largeamounts of computation.
By describing certain behavior that has previously not beenstandardized, this document sets out how to make the DNS moreresilient against accepting incorrect responses. This documentupdates RFC 2181. [STANDARDS-TRACK]
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.