rfc4035 — Search

US RFC 7871: Client Subnet in DNS Queries

…on and data integrity to the DNS, as described in RFC4033 ], [ RFC4034 ], and [ RFC4035 ]. OPT records are not signed. Use of this option, however, does imply increased DNS traffic between any given Recursive Resolver and Authoritative Nameserver, which could be another barrier t…

2026-04-24 13:38 View archive →

US RFC Errata Report » RFC Editor

http://www.rfc-editor.org/errata_search.php

…ach algorithm present in the DNSKEY RRSet at the zone apex (see Section 2.2 of [RFC4035]), a malicious party cannot filter out the RSA/SHA-2 RRSIG and force the validator to use the RSA/SHA-1 signature if both are present in the zone. This should provide resilience against algori…

2026-04-24 09:24 View archive →

US RFC Errata Report » RFC Editor

https://www.rfc-editor.org/errata_search.php

…ach algorithm present in the DNSKEY RRSet at the zone apex (see Section 2.2 of [RFC4035]), a malicious party cannot filter out the RSA/SHA-2 RRSIG and force the validator to use the RSA/SHA-1 signature if both are present in the zone. This should provide resilience against algori…

2026-04-24 07:35 View archive →