The IESG has approved the following document:
- 'DNSSEC Operational Practices, Version 2'
  (draft-ietf-dnsop-rfc4641bis-13.txt) as Informational RFC

This document is the product of the Domain Name System Operations Working Group.

The IESG contact persons are Ronald Bonica and Benoit Claise.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc4641bis/

Technical Summary

This document describes a set of practices for operating the DNS with security extensions (DNSSEC). The target audience is DNS zone administrators deploying DNSSEC. The document discusses operational aspects of using keys and signatures in the DNS. It elaborates on issues of key generation, key storage, signature generation, key rollover, and related tasks.

Working Group Summary

The draft started as an updated version of RFC 4641 in 2009 and was updated through WG contributions up to version -06 that got WGLC'ed in April 2011. Multiple comments received during the WGLC as well as after this were taken into account with the consent of the WG, leading to version -12 as of today. No part of the document was particularly contentious, as the draft primarily discusses tradeoffs in favor of making recommendations. That means reasonable dissenting views could be and are reflected in the document.

Document Quality

This draft is a definitive improvement over RFC 4641, which it strives to replace. Various TLD and other zones' DNSSEC practices are in line with, or within the boundaries of, this draft, which therefore reflects the collective wisdom of those active operators who chose to contribute. The draft received significant review within the WG as well as attention outside the IETF.

Personnel

Peter Koch is the document shepherd, Ron Bonica is the responsible AD.