{"draft":"draft-ietf-dnsext-forgery-resilience-10","doc_id":"RFC5452","title":"Measures for Making DNS More Resilient against Forged Answers","authors":["A. Hubert","R. van Mook"],"format":["ASCII","HTML"],"page_count":"18","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"DNS Extensions","abstract":"The current Internet climate poses serious threats to the Domain Name\r\nSystem.  In the interim period before the DNS protocol can be secured\r\nmore fully, measures can already be taken to harden the DNS to make\r\n'spoofing' a recursing nameserver many orders of magnitude harder.\r\n\r\nEven a cryptographically secured DNS benefits from having the ability\r\nto discard bogus responses quickly, as this potentially saves large\r\namounts of computation.\r\n\r\nBy describing certain behavior that has previously not been\r\nstandardized, this document sets out how to make the DNS more\r\nresilient against accepting incorrect responses.  This document\r\nupdates RFC 2181.  [STANDARDS-TRACK]","pub_date":"January 2009","keywords":["[--------]","spoofing","source port","hardening"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC2181"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC5452","errata_url":null}