{"draft":"draft-ietf-dnsop-multi-provider-dnssec-05","doc_id":"RFC8901","title":"Multi-Signer DNSSEC Models","authors":["S. Huque","P. Aras","J. Dickinson","J. Vcelak","D. Blacka"],"format":["HTML","TEXT","PDF","XML"],"page_count":"13","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Domain Name System Operations","abstract":"Many enterprises today employ the service of multiple DNS providers\r\nto distribute their authoritative DNS service. Deploying DNSSEC in\r\nsuch an environment may present some challenges, depending on the\r\nconfiguration and feature set in use. In particular, when each DNS\r\nprovider independently signs zone data with their own keys,\r\nadditional key-management mechanisms are necessary. This document\r\npresents deployment models that accommodate this scenario and\r\ndescribes these key-management requirements. These models do not\r\nrequire any changes to the behavior of validating resolvers, nor do\r\nthey impose the new key-management requirements on authoritative\r\nservers not involved in multi-signer configurations.","pub_date":"September 2020","keywords":["DNSSEC","Multiple","Provider","Signer","Models"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8901","errata_url":null}