DNSSEC Operational Practices
RFC 4641, “DNSSEC Operational Practices”, is an Informational document published in September 2006 by O. Kolkman and R. Gieben. It obsoletes RFC 2541. It has been obsoleted by RFC 6781; refer to the newer document for the authoritative version. The canonical text is published by the RFC Editor.
Abstract
This document describes a set of practices for operating the DNS with security extensions (DNSSEC). The target audience is zone administrators deploying DNSSEC.
The document discusses operational aspects of using keys and signatures in the DNS. It discusses issues of key generation, key storage, signature generation, key rollover, and related policies.
This document obsoletes RFC 2541, as it covers more operational ground and gives more up-to-date requirements with respect to key sizes and the new DNSSEC specification. This memo provides information for the Internet community.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 4641 is hosted at rfc-editor.org. Available in TXT and HTML.