DNAME Redirection in the DNS

Rose, Scott; Wijngaards, Wouter C. A.

doi:10.17487/rfc6672

Cited by 19 publications

(12 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…CNAMEs (see [RFC2181]) and DNAMEs (see [RFC6672]) can be followed to obtain an OPENPGPKEY RR, as long as the original recipient's email address appears as one of the OpenPGP public key UIDs. If one of the OpenPGP key UIDs contains only a single wildcard as the left-hand side of the email address, such as "*@example.com", the OpenPGP public key may be used for any email address within that domain.…”

Section: Public Key Uids and Query Namesmentioning

confidence: 99%

See 1 more Smart Citation

DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP

Wouters¹

2016

View full text Add to dashboard Cite

OpenPGP is a message format for email (and file) encryption that lacks a standardized lookup mechanism to securely obtain OpenPGP public keys. DNS-Based Authentication of Named Entities (DANE) is a method for publishing public keys in DNS. This document specifies a DANE method for publishing and locating OpenPGP public keys in DNS for a specific email address using a new OPENPGPKEY DNS resource record. Security is provided via Secure DNS, however the OPENPGPKEY record is not a replacement for verification of authenticity via the

show abstract

Section: Public Key Uids and Query Namesmentioning

confidence: 99%

“…The domain name part of the email address is not used as part of the hash so that hashes can be used in multiple zones deployed using DNAME [RFC6672]. This does makes it slightly easier and cheaper to brute-force the SHA2-256 hashes into common and short local-parts, as single rainbow tables can be re-used across domains.…”

Section: Email Address Information Leakmentioning

confidence: 99%

DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP

Wouters¹

2016

View full text Add to dashboard Cite

show abstract

“…The domain name part of the email address is not used as part of the hash so that hashes can be used in multiple zones deployed using DNAME [RFC6672]. This makes it slightly easier and cheaper to bruteforce the SHA2-256 hashes into common and short local-parts, as single rainbow tables [Rainbow] can be reused across domains.…”

Section: Email Address Information Leakmentioning

confidence: 99%

Using Secure DNS to Associate Certificates with Domain Names for S/MIME

Schlyter¹,

Hoffman²

2017

View full text Add to dashboard Cite

show abstract

“…This is not strictly speaking true, although in this case the domain operator could simply create a DNAME record [RFC6672] from the UTF-8 name to the IDNA2008 zone. This still, however, relies on being able to reach the (UTF-8) name in question, and it is unlikely that the UTF-8 version of the zone will be delegated from anywhere.…”

Section: The Portion Of the Service Instance Namementioning

confidence: 99%

Selecting Labels for Use with Conventional DNS and Other Resolution Systems in DNS-Based Service Discovery

Sullivan¹

2017

View full text Add to dashboard Cite

Despite its name, DNS-Based Service Discovery (DNS-SD) can use naming systems other than DNS when looking for services. Moreover, when it uses DNS, DNS-SD uses the full capability of DNS, rather than using a subset of available octets. This is of particular relevance where some environments use DNS labels that conform to Internationalized Domain Names for Applications (IDNA), and other environments use labels containing Unicode characters (such as containing octets corresponding to characters encoded as UTF-8). In order for DNS-SD to be used effectively in environments where multiple different name systems and conventions for their operation are in use, it is important to attend to differences in the underlying technology and operational environment. This memo presents an outline of the requirements for the selection of labels for conventional DNS and other resolution systems when they are expected to interoperate in this manner.

show abstract

DNAME Redirection in the DNS

Cited by 19 publications

References 7 publications

DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP

DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP

Using Secure DNS to Associate Certificates with Domain Names for S/MIME

Selecting Labels for Use with Conventional DNS and Other Resolution Systems in DNS-Based Service Discovery

Contact Info

Product

Resources

About