Skip to main content

Aggressive Use of DNSSEC-Validated Cache
RFC 8198

Revision differences

Document history

Date By Action
2018-12-20
(System)
Received changes through RFC Editor sync (changed abstract to 'The DNS relies upon caching to scale; however, the cache lookup generally requires an exact match. …
Received changes through RFC Editor sync (changed abstract to 'The DNS relies upon caching to scale; however, the cache lookup generally requires an exact match. This document specifies the use of NSEC/NSEC3 resource records to allow DNSSEC-validating resolvers to generate negative answers within a range and positive answers from wildcards. This increases performance, decreases latency, decreases resource utilization on both authoritative and recursive servers, and increases privacy. Also, it may help increase resilience to certain DoS attacks in some circumstances.

This document updates RFC 4035 by allowing validating resolvers to generate negative answers based upon NSEC/NSEC3 records and positive answers in the presence of wildcards.')
2017-07-25
(System)
Received changes through RFC Editor sync (created alias RFC 8198, changed title to 'Aggressive Use of DNSSEC-Validated Cache', changed abstract to 'The DNS relies …
Received changes through RFC Editor sync (created alias RFC 8198, changed title to 'Aggressive Use of DNSSEC-Validated Cache', changed abstract to 'The DNS relies upon caching to scale; however, the cache lookup generally requires an exact match. This document specifies the use of NSEC/NSEC3 resource records to allow DNSSEC-validating resolvers to generate negative answers within a range and positive answers from wildcards. This increases performance, decreases latency, decreases resource utilization on both authoritative and recursive servers, and increases privacy. Also, it may help increase resilience to certain DoS attacks in some circumstances.', changed pages to 13, changed standardization level to Proposed Standard, changed state to RFC, added RFC published event at 2017-07-25, changed IESG state to RFC Published, created updates relation between draft-ietf-dnsop-nsec-aggressiveuse and RFC 4035)
2017-07-25
(System) RFC published