I-D Action:draft-ietf-dnsext-forgery-resilience-07.txt

Internet-Drafts@ietf.org Thu, 14 August 2008 21:49 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 85FDA3A6ABA; Thu, 14 Aug 2008 14:49:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.34
X-Spam-Status: No, score=-102.34 tagged_above=-999 required=5 tests=[AWL=0.260, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id X0apc7T34Xp7; Thu, 14 Aug 2008 14:49:56 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 8808B3A68BF; Thu, 14 Aug 2008 14:49:56 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1KTkdG-000OBy-Ul for namedroppers-data@psg.com; Thu, 14 Aug 2008 21:45:22 +0000
Received: from [2001:1890:1112:1::20] (helo=mail.ietf.org) by psg.com with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <root@core3.amsl.com>) id 1KTkd5-000OAY-8V for namedroppers@ops.ietf.org; Thu, 14 Aug 2008 21:45:20 +0000
Received: by core3.amsl.com (Postfix, from userid 0) id 3202C3A6ADD; Thu, 14 Aug 2008 14:45:01 -0700 (PDT)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Cc: namedroppers@ops.ietf.org
Subject: I-D Action:draft-ietf-dnsext-forgery-resilience-07.txt
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20080814214502.3202C3A6ADD@core3.amsl.com>
Date: Thu, 14 Aug 2008 14:45:01 -0700 (PDT)
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DNS Extensions Working Group of the IETF.

	Title           : Measures for making DNS more resilient against forged answers
	Author(s)       : B. Hubert, R. Mook
	Filename        : draft-ietf-dnsext-forgery-resilience-07.txt
	Pages           : 25
	Date            : 2008-08-14

The current Internet climate poses serious threats to the Domain Name
System.  In the interim period before the DNS protocol can be secured
more fully, measures can already be taken to harden the DNS to make
'spoofing' a recursing nameserver many orders of magnitude harder.

Even a cryptographically secured DNS benefits from having the ability
to discard bogus responses quickly, as this potentially saves large
amounts of computation.

By describing certain behaviour that has previously not been
standardised, this document sets out how to make the DNS more
resilient against accepting incorrect responses.  This document
updates RFC 1034.

A URL for this Internet-Draft is:

Internet-Drafts are also available by anonymous FTP at:

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the