DNS Extensions (dnsext)
-----------------------
Charter
Last Modified: 2011-12-09
Current Status: Active Working Group
Chair(s):
Olafur Gudmundsson <ogud@ogud.com>
Andrew Sullivan <ajs@anvilwalrusden.com>
Internet Area Director(s):
Ralph Droms <rdroms.ietf@gmail.com>
Jari Arkko <jari.arkko@piuha.net>
Brian Haberman <brian@innovationslab.net>
Internet Area Advisor:
Ralph Droms <rdroms.ietf@gmail.com>
Mailing Lists:
General Discussion:dnsext@ietf.org
To Subscribe: https://www.ietf.org/mailman/listinfo/dnsext
Archive: http://www.ietf.org/mail-archive/web/dnsext/
Description of Working Group:
The DNS has a large installed base and repertoire of protocol
specifications. The DNSEXT working group will actively advance DNS
protocol-related RFCs on the standards track while thoroughly
reviewing further proposed extensions. The scope of the DNSEXT WG is
confined to the DNS protocol, particularly changes that affect DNS
protocols "on the wire" or the internal processing of DNS data. DNS
operations are out of scope for the WG.
The WG will consider work in the following areas:
* DNSSEC and TSIG/TKEY algorithm maintenance
* Mechanisms that complement, or are alternatives to, TSIG and SIG(0)
* Hardening DNS protocol and providing guidance to implementers
* Advancing existing DNS-related Proposed Standard RFCs to Draft/Full
Standard
* Obsoleting DNS-related RFCs
* Improving DNS zone synchronization mechanisms
* Examining transport protocols, possibly adding new ones
* Mechanisms to alias DNS trees or parts thereof
Before formal adoption of any work item at least 5 working group
participants must publicly state that the item is within charter and
is a worthwhile item for further study.
The DNSEXT WG will conduct the specified RFC5395 review of RR
templates as they are posted, and EDNS0 Option templates if EDNS0-bis
updates registration requirements.
The WG will review DNS protocol related work which may originate
elsewhere in the IETF, including AD-sponsored submissions or drafts
in other working group.
Goals and Milestones:
Done Forward NSEC rdata to IESG for Proposed Standard
Done Forward RFC2535-bis to IESG for proposed standard
Done Forward Case Insensitive to IESG for Proposed Standard
Done Forward LLMNR to IESG for Proposed Standard
Done Update boilerplate text on OPT-IN
Done Forward Wildcard clarification to IESG for proposed standard
Done Finalize Zone Enumeration Requirements
Done RFC2538 (CERT RR) to Draft Standard
Done Forgery Resilience advanced to IESG
Done GOST DNSKEY and DS support advanced to IESG
Done AXFR Clarify to IESG
Done DNS existing transport protocol recommendations/clarifications
to IESG
Apr 2011 RFC3597-bis Unknown RR advanced to IESG for PS
Jun 2011 EDNS0-bis update advanced to IESG
Done DNSKEY Registry fixes and allocation procedure advanced to IESG
Done DNAME-bis to IESG
Aug 2011 Algorithm signaling document to IESG
Oct 2011 DNSSEC Errata document to IESG
Nov 2011 Decision about new protocol elements, if any
Nov 2011 Requirements and current state survey document to IESG for
publication
Dec 2011 IXFR-only to IESG
Dec 2011 If new protocol elements, recharter
Internet-Drafts:
Posted Revised I-D Title <Filename>
------ ------- --------------------------------------------
May 2005 Jan 2012 <draft-ietf-dnsext-dnssec-bis-updates-16.txt>
Clarifications and Implementation Notes for DNSSECbis
Sep 2006 Nov 2011 <draft-ietf-dnsext-rfc2672bis-dname-25.txt>
DNAME Redirection in the DNS
Dec 2007 Feb 2012 <draft-ietf-dnsext-rfc2671bis-edns0-08.txt>
Extension Mechanisms for DNS (EDNS0)
Oct 2009 May 2011 <draft-ietf-dnsext-dnssec-registry-fixes-08.txt>
Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm
IANA Registry
Nov 2010 Jan 2012 <draft-ietf-dnsext-dnssec-algo-signal-03.txt>
Signaling Cryptographic Algorithm Understanding in DNSSEC
Jan 2011 Feb 2012 <draft-ietf-dnsext-ecdsa-06.txt>
Elliptic Curve DSA for DNSSEC
Jan 2012 Jan 2012 <draft-ietf-dnsext-xnamercode-00.txt>
xNAME RCODE and Status Bits Clarification
Jan 2012 Jan 2012 <draft-ietf-dnsext-dnssec-registry-update-00.txt>
DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates
Jan 2012 Jan 2012 <draft-ietf-dnsext-dnssec-algo-imp-status-00.txt>
Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm
Implementation Status
Request For Comments:
RFC Stat Published Title
------- -- ----------- ------------------------------------
RFC2782 PS Feb 2000 A DNS RR for specifying the location of services (DNS
SRV)
RFC2845Standard Jun 2000 Secret Key Transaction Authentication for DNS (TSIG)
RFC2929BCP Sep 2000 Domain Name System (DNS) IANA Considerations
RFC2930 PS Sep 2000 Secret Key Establishment for DNS (TKEY RR)
RFC2931 PS Sep 2000 DNS Request and Transaction Signatures ( SIG(0)s )
RFC3008 PS Dec 2000 Domain Name System Security (DNSSEC) Signing Authority
RFC3007 PS Dec 2000 Secure Domain Name System (DNS) Dynamic Update
RFC3090 PS Mar 2001 DNS Security Extension Clarification on Zone Status
RFC3110 PS May 2001 RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System
(DNS)
RFC3123 E Jun 2001 A DNS RR Type for Lists of Address Prefixes (APL RR)
RFC3197 I Nov 2001 Applicability Statement for DNS MIB Extensions
RFC3225 PS Dec 2001 Indicating Resolver Support of DNSSEC
RFC3226 PS Dec 2001 DNSSEC and IPv6 A6 aware server/resolver message size
requirements
RFC3364 I Aug 2002 Tradeoffs in DNS support for IPv6
RFC3363 I Aug 2002 Representing IPv6 addresses in DNS
RFC3425 PS Nov 2002 Obsoleting IQUERY
RFC3445 PS Dec 2002 Limiting the Scope of the KEY Resource Record out
RFC3597 PS Sep 2003 Handling of Unknown DNS Resource Record (RR) Types
RFC3596Standard Oct 2003 DNS Extensions to support IP version 6
RFC3645Standard Oct 2003 GSS Algorithm for TSIG (GSS-TSIG)
RFC3655Standard Nov 2003 Redefinition of DNS AD bit
RFC3658Standard Dec 2003 Delegation Signer Resource Record
RFC3755Standard May 2004 Legacy Resolver Compatibility for Delegation Signer
RFC3757Standard May 2004 KEY RR Secure Entry Point Flag
RFC3845Standard Aug 2004 DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format
RFC3833 I Aug 2004 Threat Analysis Of The Domain Name System
RFC4035Standard Apr 2005 Protocol Modifications for the DNS Security Extensions
RFC4034Standard Apr 2005 Resource Records for the DNS Security Extensions
RFC4033Standard Apr 2005 DNS Security Introduction and Requirements
RFC4343Standard Jan 2006 Domain Name System (DNS) Case Insensitivity
Clarification
RFC4398 PS Mar 2006 Storing Certificates in the Domain Name System (DNS)
RFC4470 PS Apr 2006 Minimally Covering NSEC Records and DNSSEC On-line
Signing
RFC4509 PS May 2006 Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource
Records (RRs)
RFC4592 PS Jul 2006 The Role of Wildcards in the Domain Name System
RFC4635 PS Aug 2006 HMAC SHA (Hashed Message Authentication Code, Secure
Hash Algorithm) TSIG Algorithm Identifiers
RFC4471 E Sep 2006 Derivation of DNS Name Predecessor and Successor
RFC4701 PS Oct 2006 A DNS Resource Record (RR) for Encoding Dynamic Host
Configuration Protocol (DHCP) Information (DHCID RR)
RFC4795 I Jan 2007 Link-local Multicast Name Resolution (LLMNR)
RFC4955 PS Jul 2007 DNS Security (DNSSEC) Experiments
RFC4956 E Jul 2007 DNS Security (DNSSEC) Opt-In
RFC5001 PS Aug 2007 DNS Name Server Identifier Option (NSID)
RFC4986 I Aug 2007 Requirements Related to DNS Security (DNSSEC) Trust
Anchor Rollover
RFC5011 PS Sep 2007 Automated Updates of DNS Security (DNSSEC) Trust Anchors
RFC5155 PS Mar 2008 DNS Security (DNSSEC) Hashed Authenticated Denial of
Existence
RFC5395BCP Nov 2008 Domain Name System (DNS) IANA Considerations
RFC5452 PS Jan 2009 Measures for Making DNS More Resilient against Forged
Answers
RFC5625BCP Aug 2009 DNS Proxy Implementation Guidelines
RFC5702 PS Oct 2009 Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG
Resource Records for DNSSEC
RFC5936 PS Jun 2010 DNS Zone Transfer Protocol (AXFR)
RFC5933 PS Jul 2010 Use of GOST Signature Algorithms in DNSKEY and RRSIG
Resource Records for DNSSEC
RFC5966 PS Aug 2010 DNS Transport over TCP - Implementation Requirements
RFC6014 PS Nov 2010 Cryptographic Algorithm Identifier Allocation for DNSSEC
RFC6195BCP Mar 2011 Domain Name System (DNS) IANA Considerations