RFC - 2137

Secure Domain Name System Dynamic Update

Original:	ftp://ftp.isi.edu/in-notes/rfc2137.txt
Authors:	D. Eastlake 3rd [CyberCash, Inc.]
Date:	April 1997
Category:	Informational
This specification has been !!! obsoleted !!!

---

Obsoleted by:
RFC-3007prop	Secure Domain Name System (DNS) Dynamic Update (Updated by RFC-4033prop, RFC-4035prop, RFC-4034prop)

Updates:
RFC-1035std13 [STD 13]	Domain names - implementation and specification (Updated by RFC-1876exp, RFC-1348, RFC-4033prop, RFC-4035prop, RFC-4034prop, RFC-2308prop, RFC-2065, RFC-2845prop, RFC-2181prop, RFC-1995prop, RFC-1996prop, RFC-2535, RFC-4343prop, RFC-3658, RFC-1982prop, RFC-2136prop, RFC-3425prop, RFC-1101, RFC-1183exp, RFC-2137)

Referred by:	16 RFC
Refers to:	4 RFC

---

Status

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

Domain Name System (DNS) protocol extensions have been defined to authenticate the data in DNS and provide key distribution services [RFC2065]. DNS Dynamic Update operations have also been defined [RFC2136], but without a detailed description of security for the update operation. This memo describes how to use DNSSEC digital signatures covering requests and data to secure updates and restrict updates to those authorized to perform them as indicated by the updater's possession of cryptographic keys.

Acknowledgements

The contributions of the following persons (who are listed in alphabetic order) to this memo are gratefully acknowledged:

         Olafur Gudmundsson (ogud@tis.com>
         Charlie Kaufman <Charlie_Kaufman@iris.com>
         Stuart Kwan <skwan@microsoft.com>
         Edward Lewis <lewis@tis.com>

---