Jul 30 – 31, 2022
Sheraton Philadelphia Downtown
US/Eastern timezone

ZONEMD and the Root Zone

Jul 30, 2022, 4:05 PM
Liberty D (Sheraton Philadelphia Downtown)

Liberty D

Sheraton Philadelphia Downtown

201 North 17th Street Philadelphia PA 19103 United States
Standard Presentation Main Session OARC 38 Day 1


Duane Wessels (Verisign)


Last year the IETF published RFC 8976, titled "Message Digest for DNS Zones." It describes a protocol and new DNS record that provides a cryptographic message digest over DNS zone data. When used in combination with DNSSEC, it allows recipients to verify zone data for integrity and origin authenticity, providing assurance that received zone data matches published data, regardless of how it was transmitted and received.

This presentation provides an introduction to the zone digest protocol, its record format, parameters, and use cases. It also covers known implementations of the protocol and provides some benchmark measurements for zones of varying size. Lastly, it introduces plans to deploy the ZONEMD protocol in the root zone.

Presentation delivery In-person at the workshop venue

Primary author

Duane Wessels (Verisign)

Presentation materials