Definition and Use of DNSSEC Negative Trust Anchors
RFC 7646, “Definition and Use of DNSSEC Negative Trust Anchors”, is an Informational document published in September 2015 by P. Ebersman, W. Kumari, C. Griffiths, J. Livingood, and R. Weber. The canonical text is published by the RFC Editor.
Abstract
DNS Security Extensions (DNSSEC) is now entering widespread deployment. However, domain signing tools and processes are not yet as mature and reliable as those for non-DNSSEC-related domain administration tools and processes. This document defines Negative Trust Anchors (NTAs), which can be used to mitigate DNSSEC validation failures by disabling DNSSEC validation at specified domains.
What “Informational” means
An Informational document is published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 7646 is hosted at rfc-editor.org. It is available in TXT and HTML.