UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 5452

Measures for Making DNS More Resilient against Forged Answers

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 January 2009
Status: active
Page Count: 18
scope:

The current Internet climate poses serious threats to the Domain Name System. In the interim period before the DNS protocol can be secured more fully, measures can already be taken to harden the DNS to make 'spoofing' a recursing nameserver many orders of magnitude harder.

Even a cryptographically secured DNS benefits from having the ability to discard bogus responses quickly, as this potentially saves large amounts of computation.

By describing certain behavior that has previously not been standardized, this document sets out how to make the DNS more resilient against accepting incorrect responses. This document updates RFC 2181.

Document History

IETF RFC 5452
January 1, 2009
Measures for Making DNS More Resilient against Forged Answers
The current Internet climate poses serious threats to the Domain Name System. In the interim period before the DNS protocol can be secured more fully, measures can already be taken to harden the DNS...

References

This document references:
RFC 1035 - Domain Names - Implementation and Specification
Published by IETF on November 1, 1987
A description is not available for this item.
This document references:
RFC 1034 - Domain Names - Concepts and Facilities
Published by IETF on November 1, 1987
A description is not available for this item.
This document is referenced by:
IETF RFC 7873 - Domain Name System (DNS) Cookies
Published by IETF on May 1, 2016
DNS Cookies are a lightweight DNS transaction security mechanism that provides limited protection to DNS servers and clients against a variety of increasingly common denial-of-service and...
This document is referenced by:
IEC 62481-1-1 - Digital living network alliance (DLNA) home networked device interoperability guidelines – Part 1-1: Architecture and protocols – Core architecture and protocols
Published by IEC on July 1, 2017
This part of IEC 62481-1, the DLNA guidelines series, specifies the core architecture and protocols of DLNA implementations. The interoperability guidelines consist of five parts covering...
This document is referenced by:
RFC 9520 - Negative Caching of DNS Resolution Failures
Published by IETF on December 1, 2023
In the DNS, resolvers employ caching to reduce both latency for end users and load on authoritative name servers. The process of resolution may result in one of three types of responses: (1) a...
View Less
View All
Advertisement