Domain Name System Security Extensions (DNSSEC) 30 December 2011


DNSSEC was originally specified in the following three RFCs:

  • RFC 4033 – DNS Security Introduction and Requirements
  • RFC 4034 – Resource Records for the DNS Security Extensions
  • RFC 4035 – Protocol Modifications for the DNS Security Extensions

Subsequently, the following additional RFCs have been issued related to DNSSEC:

  • RFC 4470 – Minimally Covering NSEC Records and DNSSEC On-line Signing
  • RFC 4641 – DNSSEC Operational Practices
  • RFC 5155 – DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
  • RFC 6014 – Cryptographic Algorithm Identifier Allocation for DNSSEC

Another RFC that may be of interest is:

  • RFC 4398 – Storing Certificates in the Domain Name System (DNS)

Related articles

Deploy360 3 April 2017

Introduction to PKIs & CAs

In order to be trusted, the Internet must provide channels for secure and private communication between entities, which can...

Domain Name System (DNS) 31 December 2016

State of DNSSEC Deployment 2016

This report provides a snapshot of the state of deployment of DNSSEC as of the end of 2016. Please download...

Deploy360 7 October 2014

DNSSEC Fact Sheet

Looking for a quick way to explain DNSSEC to people?  Would you like a DNSSEC handout you could print...