Automated Updates of DNS Security (DNSSEC) Trust Anchors
E750447
"Automated Updates of DNS Security (DNSSEC) Trust Anchors" is an IETF specification that defines a mechanism for DNS resolvers to automatically maintain and update their DNSSEC trust anchors without manual intervention.
All labels observed (1)
| Label | Occurrences |
|---|---|
| Automated Updates of DNS Security (DNSSEC) Trust Anchors canonical | 1 |
Statements (47)
| Predicate | Object |
|---|---|
| instanceOf |
DNSSEC specification
ⓘ
IETF specification ⓘ Internet standard track document ⓘ |
| addresses |
trust anchor lifecycle management
ⓘ
trust anchor revocation ⓘ trust anchor rollover events ⓘ |
| aimsTo |
eliminate manual intervention in DNSSEC trust anchor updates
ⓘ
improve operational reliability of DNSSEC validation ⓘ support automated trust anchor rollover ⓘ |
| appliesTo | DNS resolvers ⓘ |
| area | Domain Name System Security Extensions NERFINISHED ⓘ |
| assumes | existence of at least one initial trust anchor ⓘ |
| category |
DNS operations specification
ⓘ
Internet security protocol specification ⓘ |
| contributesTo |
automation of DNSSEC key management
ⓘ
end-to-end integrity of DNS responses ⓘ |
| defines |
mechanism for automatic maintenance of DNSSEC trust anchors
ⓘ
mechanism for automatic update of DNSSEC trust anchors ⓘ |
| documentationType | technical specification ⓘ |
| focusesOn | DNSSEC trust anchor management ⓘ |
| goal |
enable scalable deployment of DNSSEC
ⓘ
maintain a current and correct set of DNSSEC trust anchors ⓘ reduce configuration errors in DNSSEC validation ⓘ |
| governs |
how resolvers discover new DNSSEC trust anchors
ⓘ
how resolvers retire obsolete DNSSEC trust anchors ⓘ |
| improves |
operational manageability of DNSSEC
ⓘ
resilience of DNSSEC validation to key changes ⓘ |
| intendedFor |
implementers of DNS resolver software
ⓘ
operators of DNSSEC validating resolvers ⓘ |
| mechanismType | automated trust anchor update protocol ⓘ |
| operatesOn | DNSSEC trust anchor data ⓘ |
| operatesWithin | DNS resolution process ⓘ |
| partOf | DNSSEC operational best practices ⓘ |
| reduces |
need for manual distribution of trust anchors
ⓘ
risk of outdated trust anchors in resolvers ⓘ |
| relatedTo |
DNS root key signing key rollover
ⓘ
DNSSEC key rollover procedures ⓘ |
| relatesTo |
DNS root zone trust anchor
ⓘ
DNSSEC validating resolvers ⓘ |
| requires |
DNSSEC validation capability in resolvers
ⓘ
support for specific DNS record types carrying trust anchor information ⓘ |
| securityProperty |
authenticates updated trust anchor material using DNSSEC
ⓘ
protects against unauthorized trust anchor changes ⓘ supports validation of new trust anchors before activation ⓘ |
| standardizedBy | Internet Engineering Task Force NERFINISHED ⓘ |
| uses |
DNS resource records to convey trust anchor information
ⓘ
DNSSEC trust anchor signaling ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.