RFC 2065: Domain Name System Security Extensions
RFC-Ref

zone key



... In general, there must be a zone KEY RR for the subzone in the superzone and the copy signed in the superzone is controlling. For ...


... the owner name and public key are associated. Note that an appropriate zone KEY RR MUST occur at the apex node of a secure zone ...
... possible to use the same key for different things with the same name or even different names, but this is strongly discouraged. In particular, the use of a zone key as a non-zone key will usually require that the corresponding private key ...
... or even different names, but this is strongly discouraged. In particular, the use of a zone key as a non-zone key will usually require that the corresponding private key be kept on line and ...
... security based on the key is "mandatory". Thus, if this bit is off for a zone key, the zone should be assumed secured by SIG RRs ...
... Bit 7 is the "zone" bit and indicates that this is a zone key for the zone whose name is the KEY RR owner name. This is the public key ...
... DNS dynamic update or other new DNS commands. Zone keys always have authority to sign any RRs in the zone regardless of ...
... On the retrieval of NS RRs, the zone key KEY RR(s) for the zone served by these name servers MUST be included as additional ...


... The AXFR SIG must be calculated last of all zone key signed SIGs in the zone. In effect, when signing the zone, you order, as described ...
... authenticated by a dynamic update key and not by the zone key (see Section 3.2) are not included in the AXFR SIG. They may ...
... by the server host key, not the zone key) by the requesting resolver shows that the query and response were not tampered with in transit, that the ...


... The format for a boot file directive to configure a starting zone key is as follows: ...


... use in the DNS security extension. Unfortunately, these factors usually do not all point in the same direction. Choice of zone key size should generally be made by the zone administrator depending on ...
... While key lifetime is a matter of local policy, these considerations suggest that no zone key should have a lifetime significantly over four years. A reasonable maximum lifetime ...
... lifetime significantly over four years. A reasonable maximum lifetime for zone keys that are kept off-line and carefully guarded is 13 months with the intent that ...
... root is a zone unto itself. Thus the root zone key should only be seen signing itself or signing RRs ...


