Search RFCs

RFC Editor

File formats:

Also available:XML file for editing

 

Status:

INFORMATIONAL

Authors:

S. Huque
P. Aras
J. Dickinson
J. Vcelak
D. Blacka

Stream:

IETF

Source:

dnsop (ops)

Cite this RFC:TXT  | XML  |  BibTeX

DOI:  https://doi.org/10.17487/RFC8901

Discuss this RFC: Send questions or comments to the mailing listdnsop@ietf.org

Other actions:Submit Errata  | Find IPR Disclosures from the IETF  | View History of RFC 8901

Abstract

Many enterprises today employ the service of multiple DNS providersto distribute their authoritative DNS service. Deploying DNSSEC insuch an environment may present some challenges, depending on theconfiguration and feature set in use. In particular, when each DNSprovider independently signs zone data with their own keys,additional key-management mechanisms are necessary. This documentpresents deployment models that accommodate this scenario anddescribes these key-management requirements. These models do notrequire any changes to the behavior of validating resolvers, nor dothey impose the new key-management requirements on authoritativeservers not involved in multi-signer configurations.

For the definition ofStatus,seeRFC 2026.

For the definition ofStream, seeRFC 8729.