RFC 8198 on Aggressive Use of DNSSEC-Validated Cache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

A new Request for Comments is now available in online RFC libraries.

        
        RFC 8198

        Title:      Aggressive Use of DNSSEC-Validated Cache 
        Author:     K. Fujiwara, 
                    A. Kato,
                    W. Kumari
        Status:     Standards Track
        Stream:     IETF
        Date:       July 2017
        Mailbox:    fujiwara@jprs.co.jp, 
                    kato@wide.ad.jp, 
                    warren@kumari.net
        Pages:      13
        Characters: 27918
        Updates:    RFC 4035

        I-D Tag:    draft-ietf-dnsop-nsec-aggressiveuse-10.txt

        URL:        https://www.rfc-editor.org/info/rfc8198

        DOI:        10.17487/RFC8198

The DNS relies upon caching to scale; however, the cache lookup
generally requires an exact match.  This document specifies the use
of NSEC/NSEC3 resource records to allow DNSSEC-validating resolvers
to generate negative answers within a range and positive answers from
wildcards.  This increases performance, decreases latency, decreases
resource utilization on both authoritative and recursive servers, and
increases privacy.  Also, it may help increase resilience to certain
DoS attacks in some circumstances.

This document updates RFC 4035 by allowing validating resolvers to
generate negative answers based upon NSEC/NSEC3 records and positive
answers in the presence of wildcards.

This document is a product of the Domain Name System Operations Working Group of the IETF.

This is now a Proposed Standard.

STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for the 
standardization state and status of this protocol.  Distribution of this 
memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC
[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux