UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF - RFC 9077

NSEC and NSEC3: TTLs and Aggressive Use

active, Most Current
Organization: IETF
Publication Date: 1 July 2021
Status: active
Page Count: 8
scope:

Abstract

Due to a combination of unfortunate wording in earlier documents, aggressive use of NSEC and NSEC3 records may deny the existence of names far beyond the intended lifetime of a denial. This document changes the definition of the NSEC and NSEC3 TTL to correct that situation. This document updates RFCs 4034, 4035, 5155, and 8198.

Document History

RFC 9077
July 1, 2021
NSEC and NSEC3: TTLs and Aggressive Use
Abstract Due to a combination of unfortunate wording in earlier documents, aggressive use of NSEC and NSEC3 records may deny the existence of names far beyond the intended lifetime of a denial. This...

References

This document supersedes:
IETF RFC 8198 - Aggressive Use of DNSSEC-Validated Cache
Published by IETF on July 1, 2017
The DNS relies upon caching to scale; however, the cache lookup generally requires an exact match. This document specifies the use of NSEC/NSEC3 resource records to allow DNSSEC-validating resolvers...
This document supersedes:
IETF RFC 8198 - Aggressive Use of DNSSEC-Validated Cache
Published by IETF on July 1, 2017
The DNS relies upon caching to scale; however, the cache lookup generally requires an exact match. This document specifies the use of NSEC/NSEC3 resource records to allow DNSSEC-validating resolvers...
Advertisement