Donate
‹ Back
Deploy360 24 January 2013

RFC 6841 Outlines How To Write DNSSEC Policies and Practice Statements

Dan York
By Dan YorkDirector of Web Strategy

Back in July 2012, we wrote about “How To Write a DNSSEC Practice Statement (DPS)” and referenced an Internet-Draft that explained the process.  We’re very pleased to see that that I-D was just published this month as a formal RFC:

RFC 6841 – A Framework for DNSSEC Policies and DNSSEC Practice Statements

As the abstract says:

This document presents a framework to assist writers of DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements, such as domain managers and zone operators on both the top level and secondary level, who are managing and operating a DNS zone with Security Extensions implemented.

In particular, the framework provides a comprehensive list of topics that should be considered for inclusion into a DNSSEC Policy definition and Practice Statement.

It’s well worth a read not only if you are an operator of a Top-Level-Domain (TLD) or one of the newgTLDs (all of whom are mandated to support DNSSEC), but also if you are with an enterprise/company that is considering hosting all the DNSSEC-signing for your domains yourself.

If you want examples of what these DPS documents look like, we maintain a list of DNSSEC Practice Statements that includes documents from many of the major TLDs.  (And we’re always open to adding more if you have a published DPS online.  Just let us know.)

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

The Case for DNSSEC, DANE & Root Key Rollover @ APRICOT 2017
Deploy3609 March 2017

The Case for DNSSEC, DANE & Root Key Rollover @ APRICOT 2017

Our colleague Jan Žorž from the Deploy360 team was asked to present during the DNS/DNSSEC sessions during APRICOT 2017 last week, and this provides...

How To Write A DNSSEC Practice Statement (DPS)
Deploy36016 July 2012

How To Write A DNSSEC Practice Statement (DPS)

Are you planning to start using DNSSEC with your domain - and are you planning to start signing your domain...

NLnet Labs Releases Helpful DNSSEC Infrastructure Audit Framework
Deploy3604 February 2014

NLnet Labs Releases Helpful DNSSEC Infrastructure Audit Framework

How secure is your DNSSEC infrastructure? If you operate a registry for a top-level domain (TLD) or if you are...

Join the conversation with Internet Society members around the world