blank.gif (43 bytes)

Church Of The
Swimming Elephant

6.2 Boot File Format Connected: An Internet Encyclopedia
6.2 Boot File Format

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 2065
Up: 6. The AD and CD Bits and How to Resolve Securely
Prev: 6.1 The AD and CD Header Bits
Next: 6.3 Chaining Through Zones

6.2 Boot File Format

6.2 Boot File Format

Two boot file directives are added as described in this section.

The format for a boot file directive to configure a starting zone key is as follows:

        pubkey name flags protocol algorithm key-data

for a public key. "name" is the owner name (if the line is translated into a KEY RR). Flags indicates the type of key and is the same as the flag octet in the KEY RR. Protocol and algorithm also have the same meaning as they do in the KEY RR. The material after the algorithm is algorithm dependent and, for private algorithms (algorithm 254), starts with the algorithm's identifying OID and its length. If the "no key" type value is set in flags or the algorithm is specified as 253, then the key-data after algorithm is null. When present the key-data is treated as an octet stream and encoded in base 64 (see Appendix).

A file of keys for cross certification or other purposes can be configured though the keyfile directive as follows:

        keyfile filename

The file looks like a master file except that it can only contain KEY and SIG RRs with the SIGs signed under a key configured with the pubkey directive.

While it might seem logical for everyone to start with the key for the root zone, this has problems. The logistics of updating every DNS resolver in the world when the root key changes would be excessive. It may be some time before there even is a root key. Furthermore, many organizations will explicitly wish their "interior" DNS implementations to completely trust only their own zone. Such interior resolvers can then go through the organization's zone servers to access data outsize the organization's domain and should only be configured with the key forthe organization's DNS apex.

Next: 6.3 Chaining Through Zones

Connected: An Internet Encyclopedia
6.2 Boot File Format


Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

Have you gone to church today?
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609