RFC 5155

DNS Security (DNSSEC) Hashed Authenticated Denial of Existence (NSEC3)

DNSSEC

Defines NSEC3, an alternative to NSEC for authenticated denial of existence in DNSSEC that prevents zone enumeration by hashing domain names.

DNSSEC DNS NSEC3 Security Zone Enumeration

Published: 2008-03

RFC 5155 - DNS Security (DNSSEC) Hashed Authenticated Denial of Existence

This document defines the NSEC3 and NSEC3PARAM resource records for DNSSEC.

Abstract

The DNS Security (DNSSEC) Hashed Authenticated Denial of Existence mechanism described in this document uses a new NSEC3 resource record that uses a cryptographic hash of the owner name to prevent zone enumeration.

RFC 5155 - DNS Security (DNSSEC) Hashed Authenticated Denial of Existence This document defines the NSEC3 and NSEC3PARAM resource records for DNSSEC. Abstract: The DNS Security (DNSSEC) Hashed Authenticated Denial of Existence mechanism described in this document uses a new NSEC3 resource record that uses a cryptographic hash of the owner name to prevent zone enumeration.

Quick Info

RFC Number:
5155

Category:
DNSSEC

Published:
2008-03

External Links:
IETF Tools
RFC Editor