Domain Name System

  • Anycast DNS
  • ISC Bind
  • DNSSEC
  • DNS Firewall
anycast graphic

Catch the DDI Guru's Anycast DNS Article Series! This series demonstrates how Anycast DNS works, its benefits, and how to deploy it using static routing, RIP v2, OSPF, and BGP. In our series we use Open Source host-based routing software, Quagga, and provide detailed recipes on how to configure the various protocol engines.

Anycast DNS OverviewAnycast DNS Using OSPF (basic)
Anycast DNS Using Static RoutesAnycast DNS Using OSPF (advanced)
Anycast DNS Using RIPAnycast DNS Using BGP
Anycast DNS Using RIP (continued) 
Next in the series, Anycast DNS - Part 6, Using IPAM Appliances
Version Status Release Date EOL
9.10.1-P1Current-StableDecember 2014TBA
9.10.2bDevelopmentJanuary 2015Upon Release of BIND 9.10.2
9.9.6-P1Current-Stable, ESVDecember 2014Jun 2017
9.9.7b1Development, ESVJanuary 2015Upon release of BIND 9.9.7

DDI Guru blogs about DNS Response Policy Zone technology and new DNS Firewall Products.

DNS Firewall

Coming soon...

DNS RFCs

Document Title Date Status AD/Sheperd
RFC 1101 DNS encoding of network names and other types 1989-04 RFC 1101 (Unknown)
RFC 1183 New DNS RR Definitions 1990-10 RFC 1183 (Experimental)
RFC 1348 DNS NSAP RRs 1992-07 RFC 1348 (Experimental)
Obsoleted by RFC1637
RFC 1383 An Experiment in DNS Based IP Routing 1992-12 RFC 1383 (Experimental)
RFC 1401 Correspondence between the IAB and DISA on the use of DNS 1993-01 RFC 1401 (Informational)
RFC 1464
(was draft-rosenbaum-dns-storage)
Using the Domain Name System To Store Arbitrary String Attributes 1993-05 RFC 1464 (Experimental)
RFC 1535 A Security Problem and Proposed Correction With Widely Deployed DNS Software 1993-10 RFC 1535 (Informational)
RFC 1536
(was draft-ietf-dns-common-errors)
Common DNS Implementation Errors and Suggested Fixes 1993-10 RFC 1536 (Informational)
RFC 1537
(was draft-ietf-dns-config-errors)
Common DNS Data File Configuration Errors 1993-10 RFC 1537 (Informational)
Obsoleted by RFC1912
RFC 1611
(was draft-ietf-dns-server-mib)
DNS Server MIB Extensions 1994-05 RFC 1611 (Historic)
RFC 1612
(was draft-ietf-dns-resolver-mib)
DNS Resolver MIB Extensions 1994-05 RFC 1612 (Historic)
RFC 1637
(was draft-manning-dns-nsap)
DNS NSAP Resource Records 1994-06 RFC 1637 (Experimental)
Obsoleted by RFC1706
RFC 1664
(was draft-ietf-x400ops-dnsx400maps)
Using the Internet DNS to Distribute RFC1327 Mail Address Mapping Tables 1994-08 RFC 1664 (Experimental)
Obsoleted by RFC2163
RFC 1706 DNS NSAP Resource Records 1994-10 RFC 1706 (Informational)
RFC 1712 DNS Encoding of Geographical Location 1994-11 RFC 1712 (Experimental)
RFC 1713 Tools for DNS debugging 1994-11 RFC 1713 (Informational)
RFC 1794
(was draft-ietf-dns-lb)
DNS Support for Load Balancing 1995-04 RFC 1794 (Informational)
RFC 1876
(was draft-davis-dns-loc)
A Means for Expressing Location Information in the Domain Name System 1996-01 RFC 1876 (Experimental)
RFC 1886
(was draft-ietf-ipngwg-dns)
DNS Extensions to support IP version 6 1995-12 RFC 1886 (Proposed Standard)
Obsoleted by RFC3596
Updated by RFC2874 , RFC3152
RFC 1912
(was draft-rfced-info-barr)
Common DNS Operational and Configuration Errors 1996-02 RFC 1912 (Informational)
RFC 1982
(was draft-ietf-dnsind-serial)
Serial Number Arithmetic 1996-08 RFC 1982 (Proposed Standard)
RFC 1995
(was draft-ietf-dnsind-ixfr)
Incremental Zone Transfer in DNS 1996-08 RFC 1995 (Proposed Standard)
RFC 1996
(was draft-ietf-dnsind-notify)
A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY) 1996-08 RFC 1996 (Proposed Standard)
RFC 2010
(was draft-manning-dnssvr-criteria)
Operational Criteria for Root Name Servers 1996-10 RFC 2010 (Informational)
Obsoleted by RFC2870
RFC 2052
(was draft-gulbrandsen-dns-rr-srvcs)
A DNS RR for specifying the location of services (DNS SRV) 1996-10 RFC 2052 (Experimental)
Obsoleted by RFC2782
RFC 2065
(was draft-ietf-dnssec-secext)
Domain Name System Security Extensions 1997-01 RFC 2065 (Proposed Standard)
Obsoleted by RFC2535
RFC 2136
(was draft-ietf-dnsind-dynDNS)
Dynamic Updates in the Domain Name System (DNS UPDATE) 1997-04 RFC 2136 (Proposed Standard)
RFC 2137
(was draft-ietf-dnssec-update)
Secure Domain Name System Dynamic Update 1997-04 RFC 2137 (Proposed Standard)
Obsoleted by RFC3007
RFC 2163
(was draft-ietf-mixer-rfc1664bis)
Using the Internet DNS to Distribute MIXER Conformant Global Address Mapping (MCGAM) 1998-01 RFC 2163 (Proposed Standard)
Updated by RFC3597
RFC 2181
(was draft-ietf-dnsind-clarify)
Clarifications to the DNS Specification 1997-07 RFC 2181 (Proposed Standard)
RFC 2182
(was draft-ietf-dnsind-2ndry)
Selection and Operation of Secondary DNS Servers 1997-07 RFC 2182 (Best Current Practice)
RFC 2219
(was draft-ietf-ids-dnsnames)
Use of DNS Aliases for Network Services 1997-10 RFC 2219 (Best Current Practice)
RFC 2230
(was draft-rfced-info-atkinson)
Key Exchange Delegation Record for the DNS 1997-11 RFC 2230 (Informational)
RFC 2308
(was draft-ietf-dnsind-ncache)
Negative Caching of DNS Queries (DNS NCACHE) 1998-03 RFC 2308 (Proposed Standard)
RFC 2317
(was draft-ietf-dnsind-classless-inaddr)
Classless IN-ADDR.ARPA delegation 1998-03 RFC 2317 (Best Current Practice)
RFC 2517
(was draft-rfced-info-moats)
Building Directories from DNS: Experiences from WWWSeeker 1999-02 RFC 2517 (Informational)
RFC 2535
(was draft-ietf-dnssec-secext2)
Domain Name System Security Extensions 1999-03 RFC 2535 (Proposed Standard)
RFC 2536
(was draft-ietf-dnssec-dss)
DSA KEYs and SIGs in the Domain Name System (DNS) 1999-03 RFC 2536 (Proposed Standard)
Updated by RFC6944
RFC 2537
(was draft-ietf-dnssec-rsa)
RSA/MD5 KEYs and SIGs in the Domain Name System (DNS) 1999-03 RFC 2537 (Proposed Standard)
Obsoleted by RFC3110
RFC 2538
(was draft-ietf-dnssec-certs)
Storing Certificates in the Domain Name System (DNS) 1999-03 RFC 2538 (Proposed Standard)
Obsoleted by RFC4398
RFC 2539
(was draft-ietf-dnssec-dhk)
Storage of Diffie-Hellman Keys in the Domain Name System (DNS) 1999-03 RFC 2539 (Proposed Standard)
Updated by RFC6944
RFC 2540
(was draft-ietf-dnssec-ddi)
Detached Domain Name System (DNS) Information 1999-03 RFC 2540 (Experimental)
RFC 2541
(was draft-ietf-dnssec-secops)
DNS Security Operational Considerations 1999-03 RFC 2541 (Informational)
Obsoleted by RFC4641
RFC 2606
(was draft-ietf-dnsind-test-tlds)
Reserved Top Level DNS Names 1999-06 RFC 2606 (Best Current Practice)
Updated by RFC6761
RFC 2671
(was draft-ietf-dnsind-edns0)
Extension Mechanisms for DNS (EDNS0) 1999-08 RFC 2671 (Proposed Standard)
Obsoleted by RFC6891
RFC 2672
(was draft-ietf-dnsind-dname)
Non-Terminal DNS Name Redirection 1999-08 RFC 2672 (Proposed Standard)
Obsoleted by RFC6672
Updated by RFC4592 , RFC6604
RFC 2673
(was draft-ietf-dnsind-binary-labels)
Binary Labels in the Domain Name System 1999-08 RFC 2673 (Historic)
Obsoleted by RFC6891
Updated by RFC3363 , RFC3364
RFC 2694
(was draft-ietf-nat-dns-alg)
DNS extensions to Network Address Translators (DNS_ALG) 1999-09 RFC 2694 (Informational)
RFC 2782
(was draft-ietf-dnsind-rfc2052bis)
A DNS RR for specifying the location of services (DNS SRV) 2000-02 RFC 2782 (Proposed Standard)
Updated by RFC6335
RFC 2825
(was draft-iab-i18n-dns)
A Tangled Web: Issues of I18N, Domain Names, and the Other Internet protocols 2000-05 RFC 2825 (Informational)
RFC 2826
(was draft-iab-unique-dns-root)
IAB Technical Comment on the Unique DNS Root 2000-05 RFC 2826 (Informational) IAB
RFC 2845
(was draft-ietf-dnsext-tsig)
Secret Key Transaction Authentication for DNS (TSIG) 2000-05 RFC 2845 (Proposed Standard)
RFC 2870
(was draft-ietf-dnsop-root-opreq)
Root Name Server Operational Requirements 2000-06 RFC 2870 (Best Current Practice)
RFC 2874
(was draft-ietf-ipngwg-dns-lookups)
DNS Extensions to Support IPv6 Address Aggregation and Renumbering 2000-07 RFC 2874 (Historic) Ralph Droms
RFC 2915
(was draft-ietf-urn-naptr-rr)
The Naming Authority Pointer (NAPTR) DNS Resource Record 2000-09 RFC 2915 (Proposed Standard)
RFC 2916
(was draft-ietf-enum-e164-dns)
E.164 number and DNS 2000-09 RFC 2916 (Proposed Standard)
Obsoleted by RFC3761
RFC 2929
(was draft-ietf-dnsext-iana-dns)
Domain Name System (DNS) IANA Considerations 2000-09 RFC 2929 (Best Current Practice)
Obsoleted by RFC5395
RFC 2930
(was draft-ietf-dnsext-tkey)
Secret Key Establishment for DNS (TKEY RR) 2000-09 RFC 2930 (Proposed Standard)
Updated by RFC6895
RFC 2931
(was draft-ietf-dnsext-sig-zero)
DNS Request and Transaction Signatures ( SIG(0)s ) 2000-09 RFC 2931 (Proposed Standard)
RFC 3007
(was draft-ietf-dnsext-simple-secure-update)
Secure Domain Name System (DNS) Dynamic Update 2000-11 RFC 3007 (Proposed Standard)
RFC 3008
(was draft-ietf-dnsext-signing-auth)
Domain Name System Security (DNSSEC) Signing Authority 2000-11 RFC 3008 (Proposed Standard)
Updated by RFC3658
RFC 3071
(was draft-klensin-1591-reflections)
Reflections on the DNS, RFC 1591, and Categories of Domains 2001-02 RFC 3071 (Informational)
RFC 3090
(was draft-ietf-dnsext-zone-status)
DNS Security Extension Clarification on Zone Status 2001-03 RFC 3090 (Proposed Standard)
Updated by RFC3658
RFC 3110
(was draft-ietf-dnsext-rsa)
RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS) 2001-05 RFC 3110 (Proposed Standard)
Updated by RFC6944
RFC 3123
(was draft-ietf-dnsext-apl-rr)
A DNS RR Type for Lists of Address Prefixes (APL RR) 2001-06 RFC 3123 (Experimental)
RFC 3130
(was draft-lewis-state-of-dnssec)
Notes from the State-Of-The-Technology: DNSSEC 2001-06 RFC 3130 (Informational)
RFC 3197
(was draft-ietf-dnsext-dnsmib-historical)
Applicability Statement for DNS MIB Extensions 2001-11 RFC 3197 (Informational)
RFC 3225
(was draft-ietf-dnsext-dnssec-okbit)
Indicating Resolver Support of DNSSEC 2001-12 RFC 3225 (Proposed Standard)
RFC 3226
(was draft-ietf-dnsext-message-size)
DNSSEC and IPv6 A6 aware server/resolver message size requirements 2001-12 RFC 3226 (Proposed Standard)
RFC 3258
(was draft-ietf-dnsop-hardie-shared-root-server)
Distributing Authoritative Name Servers via Shared Unicast Addresses 2002-04 RFC 3258 (Informational) Randy Bush
RFC 3363
(was draft-ietf-dnsext-ipv6-addresses)
Representing Internet Protocol version 6 (IPv6) Addresses in the Domain Name System (DNS) 2002-08 RFC 3363 (Informational)
Updated by RFC6672
Thomas Narten
RFC 3364
(was draft-ietf-dnsext-ipv6-dns-tradeoffs)
Tradeoffs in Domain Name System (DNS) Support for Internet Protocol version 6 (IPv6) 2002-08 RFC 3364 (Informational) Thomas Narten
RFC 3403
(was draft-ietf-urn-dns-ddds-database)
Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database 2002-10 RFC 3403 (Proposed Standard) Patrik Fältström
RFC 3425
(was draft-ietf-dnsext-obsolete-iquery)
Obsoleting IQUERY 2002-11 RFC 3425 (Proposed Standard) Erik Nordmark
RFC 3445
(was draft-ietf-dnsext-restrict-key-for-dnssec)
Limiting the Scope of the KEY Resource Record (RR) 2002-12 RFC 3445 (Proposed Standard) Erik Nordmark
RFC 3467
(was draft-klensin-dns-role)
Role of the Domain Name System (DNS) 2003-03 RFC 3467 (Informational) Erik Nordmark
RFC 3596
(was draft-ietf-dnsext-rfc1886bis)
DNS Extensions to Support IP Version 6 2003-10 RFC 3596 (Draft Standard) Erik Nordmark
RFC 3597
(was draft-ietf-dnsext-unknown-rrs)
Handling of Unknown DNS Resource Record (RR) Types 2003-09 RFC 3597 (Proposed Standard) Ralph Droms
RFC 3645
(was draft-ietf-dnsext-gss-tsig)
Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG) 2003-10 RFC 3645 (Proposed Standard) Erik Nordmark
RFC 3646
(was draft-ietf-dhc-dhcpv6-opt-dnsconfig)
DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6) 2003-12 RFC 3646 (Proposed Standard) Thomas Narten
RFC 3655
(was draft-ietf-dnsext-ad-is-secure)
Redefinition of DNS Authenticated Data (AD) bit 2003-11 RFC 3655 (Proposed Standard) Erik Nordmark
RFC 3658
(was draft-ietf-dnsext-delegation-signer)
Delegation Signer (DS) Resource Record (RR) 2003-12 RFC 3658 (Proposed Standard)
Updated by RFC3755
Thomas Narten
RFC 3755
(was draft-ietf-dnsext-dnssec-2535typecode-change)
Legacy Resolver Compatibility for Delegation Signer (DS) 2004-05 RFC 3755 (Proposed Standard)
Updated by RFC3757 , RFC3845
Thomas Narten
RFC 3757
(was draft-ietf-dnsext-keyrr-key-signing-flag)
Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag 2004-05 RFC 3757 (Proposed Standard) Thomas Narten
RFC 3832
(was draft-zhao-slp-remote-da-discovery)
Remote Service Discovery in the Service Location Protocol (SLP) via DNS SRV 2004-07 RFC 3832 (Experimental) Thomas Narten
RFC 3833
(was draft-ietf-dnsext-dns-threats)
Threat Analysis of the Domain Name System (DNS) 2004-08 RFC 3833 (Informational) Thomas Narten
RFC 3845
(was draft-ietf-dnsext-nsec-rdata)
DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format 2004-08 RFC 3845 (Proposed Standard) Thomas Narten
RFC 3901
(was draft-ietf-dnsop-ipv6-transport-guidelines)
DNS IPv6 Transport Operational Guidelines 2004-09 RFC 3901 (Best Current Practice) David Kessens
RFC 4025
(was draft-ietf-ipseckey-rr)
A Method for Storing IPsec Keying Material in DNS 2005-03 RFC 4025 (Proposed Standard) Russ Housley
RFC 4027
(was draft-josefsson-mime-dns)
Domain Name System Media Types 2005-05 RFC 4027 (Informational) Ted Hardie
RFC 4033
(was draft-ietf-dnsext-dnssec-intro)
DNS Security Introduction and Requirements 2005-03 RFC 4033 (Proposed Standard)
Updated by RFC6014 , RFC6840
Thomas Narten
RFC 4034
(was draft-ietf-dnsext-dnssec-records)
Resource Records for the DNS Security Extensions 2005-03 RFC 4034 (Proposed Standard) Thomas Narten
RFC 4035
(was draft-ietf-dnsext-dnssec-protocol)
Protocol Modifications for the DNS Security Extensions 2005-03 RFC 4035 (Proposed Standard) Thomas Narten
RFC 4074
(was draft-ietf-dnsop-misbehavior-against-aaaa)
Common Misbehavior Against DNS Queries for IPv6 Addresses 2005-06 RFC 4074 (Informational) David Kessens
RFC 4183
(was draft-warnicke-network-dns-resolution)
A Suggested Scheme for DNS Resolution of Networks and Gateways 2005-09 RFC 4183 (Informational) David Kessens
RFC 4185
(was draft-klensin-idn-tld)
National and Local Characters for DNS Top Level Domain (TLD) Names 2005-10 RFC 4185 (Informational) Margaret Wasserman
RFC 4255
(was draft-ietf-secsh-dns)
Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints 2006-01 RFC 4255 (Proposed Standard) Russ Housley
RFC 4310
(was draft-hollenbeck-epp-secdns)
Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) 2005-12 RFC 4310 (Proposed Standard)
Obsoleted by RFC5910
David Kessens
RFC 4339
(was draft-ietf-dnsop-ipv6-dns-configuration)
IPv6 Host Configuration of DNS Server Information Approaches 2006-02 RFC 4339 (Informational) David Kessens
RFC 4343
(was draft-ietf-dnsext-insensitive)
Domain Name System (DNS) Case Insensitivity Clarification 2006-01 RFC 4343 (Proposed Standard) Margaret Wasserman
RFC 4367
(was draft-iab-dns-assumptions)
What's in a Name: False Assumptions about DNS Names 2006-02 RFC 4367 (Informational) Bert Wijnen
RFC 4398
(was draft-ietf-dnsext-rfc2538bis)
Storing Certificates in the Domain Name System (DNS) 2006-03 RFC 4398 (Proposed Standard)
Updated by RFC6944
Margaret Wasserman
RFC 4431
(was draft-andrews-dlv-dns-rr)
The DNSSEC Lookaside Validation (DLV) DNS Resource Record 2006-02 RFC 4431 (Informational) Margaret Wasserman
RFC 4470
(was draft-ietf-dnsext-dnssec-online-signing)
Minimally Covering NSEC Records and DNSSEC On-line Signing 2006-04 RFC 4470 (Proposed Standard) Margaret Wasserman
RFC 4471
(was draft-ietf-dnsext-dns-name-p-s)
Derivation of DNS Name Predecessor and Successor 2006-09 RFC 4471 (Experimental) Mark Townsley
RFC 4472
(was draft-ietf-dnsop-ipv6-dns-issues)
Operational Considerations and Issues with IPv6 DNS 2006-04 RFC 4472 (Informational) David Kessens
RFC 4501
(was draft-josefsson-dns-url)
Domain Name System Uniform Resource Identifiers 2006-05 RFC 4501 (Proposed Standard) Ted Hardie
RFC 4509
(was draft-ietf-dnsext-ds-sha256)
Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) 2006-05 RFC 4509 (Proposed Standard) Margaret Wasserman
RFC 4592
(was draft-ietf-dnsext-wcard-clarify)
The Role of Wildcards in the Domain Name System 2006-07 RFC 4592 (Proposed Standard) Margaret Wasserman
RFC 4635
(was draft-ietf-dnsext-tsig-sha)
HMAC SHA (Hashed Message Authentication Code, Secure Hash Algorithm) TSIG Algorithm Identifiers 2006-08 RFC 4635 (Proposed Standard) Margaret Wasserman
RFC 4641
(was draft-ietf-dnsop-dnssec-operational-practices)
DNSSEC Operational Practices 2006-09 RFC 4641 (Informational)
Obsoleted by RFC6781
David Kessens
RFC 4690
(was draft-iab-idn-nextsteps)
Review and Recommendations for Internationalized Domain Names (IDNs) 2006-09 RFC 4690 (Informational) Mark Townsley
RFC 4697
(was draft-ietf-dnsop-bad-dns-res)
Observed DNS Resolution Misbehavior 2006-10 RFC 4697 (Best Current Practice) David Kessens
RFC 4701
(was draft-ietf-dnsext-dhcid-rr)
A DNS Resource Record (RR) for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR) 2006-10 RFC 4701 (Proposed Standard)
Updated by RFC5494
Margaret Wasserman
RFC 4703
(was draft-ietf-dhc-ddns-resolution)
Resolution of Fully Qualified Domain Name (FQDN) Conflicts among Dynamic Host Configuration Protocol (DHCP) Clients 2006-10 RFC 4703 (Proposed Standard) Margaret Wasserman
RFC 4795
(was draft-ietf-dnsext-mdns)
Link-local Multicast Name Resolution (LLMNR) 2007-01 RFC 4795 (Informational) Mark Townsley
RFC 4870
(was draft-delany-domainkeys-base)
Domain-Based Email Authentication Using Public Keys Advertised in the DNS (DomainKeys) 2007-05 RFC 4870 (Historic)
Obsoleted by RFC4871
Russ Housley
RFC 4892
(was draft-ietf-dnsop-serverid)
Requirements for a Mechanism Identifying a Name Server Instance 2007-06 RFC 4892 (Informational) David Kessens
RFC 4955
(was draft-ietf-dnsext-dnssec-experiments)
DNS Security (DNSSEC) Experiments 2007-07 RFC 4955 (Proposed Standard) Mark Townsley
RFC 4956
(was draft-ietf-dnsext-dnssec-opt-in)
DNS Security (DNSSEC) Opt-In 2007-07 RFC 4956 (Experimental) Mark Townsley
RFC 4986
(was draft-ietf-dnsext-rollover-requirements)
Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover 2007-08 RFC 4986 (Informational) Mark Townsley
RFC 5001
(was draft-ietf-dnsext-nsid)
DNS Name Server Identifier (NSID) Option 2007-08 RFC 5001 (Proposed Standard) Mark Townsley
RFC 5006
(was draft-jeong-dnsop-ipv6-dns-discovery)
IPv6 Router Advertisement Option for DNS Configuration 2007-09 RFC 5006 (Experimental)
Obsoleted by RFC6106
Mark Townsley
RFC 5011
(was draft-ietf-dnsext-trustupdate-timers)
Automated Updates of DNS Security (DNSSEC) Trust Anchors 2007-09 RFC 5011 (Internet Standard) Mark Townsley
RFC 5074
(was draft-weiler-dnssec-dlv)
DNSSEC Lookaside Validation (DLV) 2007-11 RFC 5074 (Informational) Russ Housley
RFC 5155
(was draft-ietf-dnsext-nsec3)
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence 2008-03 RFC 5155 (Proposed Standard)
Updated by RFC6840 , RFC6944
Mark Townsley
RFC 5158
(was draft-huston-6to4-reverse-dns)
6to4 Reverse DNS Delegation Specification 2008-03 RFC 5158 (Informational) Ron Bonica
RFC 5205
(was draft-ietf-hip-dns)
Host Identity Protocol (HIP) Domain Name System (DNS) Extensions 2008-04 RFC 5205 (Experimental) Mark Townsley
RFC 5358
(was draft-ietf-dnsop-reflectors-are-evil)
Preventing Use of Recursive Nameservers in Reflector Attacks 2008-10 RFC 5358 (Best Current Practice) Ron Bonica
RFC 5395
(was draft-ietf-dnsext-2929bis)
Domain Name System (DNS) IANA Considerations 2008-11 RFC 5395 (Best Current Practice)
Obsoleted by RFC6195
Mark Townsley
RFC 5452
(was draft-ietf-dnsext-forgery-resilience)
Measures for Making DNS More Resilient against Forged Answers 2009-01 RFC 5452 (Proposed Standard) Mark Townsley
RFC 5507
(was draft-iab-dns-choices)
Design Choices When Expanding the DNS 2009-04 RFC 5507 (Informational) Dan Romascanu
RFC 5509
(was draft-loreto-simple-im-srv-label)
Internet Assigned Numbers Authority (IANA) Registration of Instant Messaging and Presence DNS SRV RRs for the Session Initiation Protocol (SIP) 2009-04 RFC 5509 (Proposed Standard) Jon Peterson
RFC 5625
(was draft-ietf-dnsext-dnsproxy)
DNS Proxy Implementation Guidelines 2009-08 RFC 5625 (Best Current Practice) Ralph Droms
RFC 5679
(was draft-ietf-mipshop-mos-dns-discovery)
Locating IEEE 802.21 Mobility Services Using DNS 2009-12 RFC 5679 (Proposed Standard) Jari Arkko
RFC 5702
(was draft-ietf-dnsext-dnssec-rsasha256)
Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC 2009-10 RFC 5702 (Proposed Standard)
Updated by RFC6944
Ralph Droms
RFC 5782
(was draft-irtf-asrg-dnsbl)
DNS Blacklists and Whitelists 2010-02 RFC 5782 (Informational) Lisa Dusseault
RFC 5864
(was draft-allbery-afs-srv-records)
DNS SRV Resource Records for AFS 2010-04 RFC 5864 (Proposed Standard) Alexey Melnikov
RFC 5910
(was draft-gould-rfc4310bis)
Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) 2010-05 RFC 5910 (Proposed Standard) Alexey Melnikov
RFC 5933
(was draft-ietf-dnsext-dnssec-gost)
Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC 2010-07 RFC 5933 (Proposed Standard)
Updated by RFC6944
Ralph Droms
RFC 5936
(was draft-ietf-dnsext-axfr-clarify)
DNS Zone Transfer Protocol (AXFR) 2010-06 RFC 5936 (Proposed Standard) Ralph Droms
RFC 5966
(was draft-ietf-dnsext-dns-tcp-requirements)
DNS Transport over TCP - Implementation Requirements 2010-08 RFC 5966 (Proposed Standard) Ralph Droms
RFC 6014
(was draft-ietf-dnsext-dnssec-alg-allocation)
Cryptographic Algorithm Identifier Allocation for DNSSEC 2010-11 RFC 6014 (Proposed Standard) Ralph Droms
RFC 6106
(was draft-ietf-6man-dns-options-bis)
IPv6 Router Advertisement Options for DNS Configuration 2010-11 RFC 6106 (Proposed Standard) Jari Arkko
RFC 6147
(was draft-ietf-behave-dns64)
DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers 2011-04 RFC 6147 (Proposed Standard) David Harrington
RFC 6168
(was draft-ietf-dnsop-name-server-management-reqs)
Requirements for Management of Name Servers for the DNS 2011-05 RFC 6168 (Informational) Ron Bonica
RFC 6195
(was draft-ietf-dnsext-5395bis)
Domain Name System (DNS) IANA Considerations 2011-03 RFC 6195 (Best Current Practice)
Obsoleted by RFC6895
Ralph Droms
RFC 6303
(was draft-ietf-dnsop-default-local-zones)
Locally Served DNS Zones 2011-07 RFC 6303 (Best Current Practice) Ron Bonica
RFC 6304
(was draft-ietf-dnsop-as112-ops)
AS112 Nameserver Operations 2011-07 RFC 6304 (Informational) Ron Bonica
RFC 6305
(was draft-ietf-dnsop-as112-under-attack-help-help)
I'm Being Attacked by PRISONER.IANA.ORG! 2011-07 RFC 6305 (Informational) Ron Bonica
RFC 6394
(was draft-ietf-dane-use-cases)
Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE) 2011-10 RFC 6394 (Informational) Stephen Farrell
RFC 6471
(was draft-irtf-asrg-bcp-blacklists)
Overview of Best Email DNS-Based List (DNSBL) Operational Practices 2012-01 RFC 6471 (Informational) Pete Resnick
RFC 6604
(was draft-ietf-dnsext-xnamercode)
xNAME RCODE and Status Bits Clarification 2012-04 RFC 6604 (Proposed Standard) Ralph Droms
RFC 6605
(was draft-ietf-dnsext-ecdsa)
Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC 2012-04 RFC 6605 (Proposed Standard) Ralph Droms
RFC 6641
(was draft-ietf-nfsv4-federated-fs-dns-srv-namespace)
Using DNS SRV to Specify a Global File Namespace with NFS Version 4 2012-06 RFC 6641 (Proposed Standard) Martin Stiemerling
RFC 6672
(was draft-ietf-dnsext-rfc2672bis-dname)
DNAME Redirection in the DNS 2012-06 RFC 6672 (Proposed Standard) Ralph Droms
Andrew Sullivan
RFC 6698
(was draft-ietf-dane-protocol)
The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA 2012-08 RFC 6698 (Proposed Standard)
Updated by RFC7218
Stephen Farrell
Warren Kumari
RFC 6725
(was draft-ietf-dnsext-dnssec-registry-update)
DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates 2012-08 RFC 6725 (Proposed Standard) Ralph Droms
RFC 6731
(was draft-ietf-mif-dns-server-selection)
Improved Recursive DNS Server Selection for Multi-Interfaced Nodes 2012-12 RFC 6731 (Proposed Standard) Ralph Droms
Hui Deng
RFC 6742
(was draft-irtf-rrg-ilnp-dns)
DNS Resource Records for the Identifier-Locator Network Protocol (ILNP) 2012-11 RFC 6742 (Experimental) Ralph Droms
RFC 6760
(was draft-cheshire-dnsext-nbp)
Requirements for a Protocol to Replace the AppleTalk Name Binding Protocol (NBP) 2013-02 RFC 6760 (Informational) Ralph Droms
RFC 6761
(was draft-cheshire-dnsext-special-names)
Special-Use Domain Names 2013-02 RFC 6761 (Proposed Standard) Ralph Droms
RFC 6762
(was draft-cheshire-dnsext-multicastdns)
Multicast DNS 2013-02 RFC 6762 (Proposed Standard) Ralph Droms
RFC 6763
(was draft-cheshire-dnsext-dns-sd)
DNS-Based Service Discovery 2013-02 RFC 6763 (Proposed Standard) Ralph Droms
RFC 6781
(was draft-ietf-dnsop-rfc4641bis)
DNSSEC Operational Practices, Version 2 2012-12 RFC 6781 (Informational) Ron Bonica
Peter Koch
RFC 6804
(was draft-manning-opcode-discover)
DISCOVER: Supporting Multicast DNS Queries 2012-11 RFC 6804 (Historic) Russ Housley
RFC 6840
(was draft-ietf-dnsext-dnssec-bis-updates)
Clarifications and Implementation Notes for DNS Security (DNSSEC) 2013-02 RFC 6840 (Proposed Standard) Ralph Droms
Andrew Sullivan
RFC 6841
(was draft-ietf-dnsop-dnssec-dps-framework)
A Framework for DNSSEC Policies and DNSSEC Practice Statements 2013-01 RFC 6841 (Informational) Ron Bonica
Stephen Morris
RFC 6844
(was draft-ietf-pkix-caa)
DNS Certification Authority Authorization (CAA) Resource Record 2013-01 RFC 6844 (Proposed Standard) Sean Turner
Stephen Kent
RFC 6891
(was draft-ietf-dnsext-rfc2671bis-edns0)
Extension Mechanisms for DNS (EDNS(0)) 2013-04 RFC 6891 (Internet Standard) Ralph Droms
RFC 6895
(was draft-ietf-dnsext-rfc6195bis)
Domain Name System (DNS) IANA Considerations 2013-04 RFC 6895 (Best Current Practice) Ralph Droms
RFC 6912
(was draft-iab-dns-zone-codepoint-pples)
Principles for Unicode Code Point Inclusion in Labels in the DNS 2013-04 RFC 6912 (Informational)
RFC 6944
(was draft-ietf-dnsext-dnssec-algo-imp-status)
Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status 2013-04 RFC 6944 (Proposed Standard) Ralph Droms
RFC 6950
(was draft-iab-dns-applications)
Architectural Considerations on Application Features in the DNS 2013-10 RFC 6950 (Informational)
RFC 6975
(was draft-ietf-dnsext-dnssec-algo-signal)
Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC) 2013-07 RFC 6975 (Proposed Standard) Ted Lemon
RFC 7043
(was draft-jabley-dnsext-eui48-eui64-rrtypes)
Resource Records for EUI-48 and EUI-64 Addresses in the DNS 2013-10 RFC 7043 (Informational) Joel Jaeggli
Joel Jaeggli
RFC 7108
(was draft-jabley-dnsop-anycast-mapping)
A Summary of Various Mechanisms Deployed at L-Root for the Identification of Anycast Nodes 2014-01 RFC 7108 (Informational)
RFC 7129
(was draft-gieben-auth-denial-of-existence-dns)
Authenticated Denial of Existence in the DNS 2014-02 RFC 7129 (Informational)
RFC 7216
(was draft-ietf-geopriv-res-gw-lis-discovery)
Location Information Server (LIS) Discovery Using IP Addresses and Reverse DNS 2014-04 RFC 7216 (Proposed Standard) Richard Barnes
Alissa Cooper
RFC 7218
(was draft-ietf-dane-registry-acronyms)
Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE) 2014-04 RFC 7218 (Proposed Standard) Stephen Farrell
Paul Hoffman
RFC 7304
(was draft-wkumari-dnsop-defense-collision-mitigate)
A Method for Mitigating Namespace Collisions 2014-07 RFC 7304 (Informational)
RFC 7314
(was draft-andrews-dnsext-expire)
Extension Mechanisms for DNS (EDNS) EXPIRE Option 2014-07 RFC 7314 (Experimental)
Nevil Brownlee
RFC 7344
(was draft-ietf-dnsop-delegation-trust-maintainance)
Automating DNSSEC Delegation Trust Maintenance 2014-09 RFC 7344 (Informational) Joel Jaeggli
Tim Wicinski
RFC 7393
(was draft-deng-pcp-ddns)
Using the Port Control Protocol (PCP) to Update Dynamic DNS 2014-11 RFC 7393 (Informational)
Nevil Brownlee

DNSSEC RFCs

Document Title Date Status AD/Sheperd
RFC 2065
(was draft-ietf-dnssec-secext)
Domain Name System Security Extensions 1997-01 RFC 2065 (Proposed Standard)
Obsoleted by RFC2535
RFC 2137
(was draft-ietf-dnssec-update)
Secure Domain Name System Dynamic Update 1997-04 RFC 2137 (Proposed Standard)
Obsoleted by RFC3007
RFC 2535
(was draft-ietf-dnssec-secext2)
Domain Name System Security Extensions 1999-03 RFC 2535 (Proposed Standard)
RFC 2536
(was draft-ietf-dnssec-dss)
DSA KEYs and SIGs in the Domain Name System (DNS) 1999-03 RFC 2536 (Proposed Standard)
Updated by RFC6944
RFC 2537
(was draft-ietf-dnssec-rsa)
RSA/MD5 KEYs and SIGs in the Domain Name System (DNS) 1999-03 RFC 2537 (Proposed Standard)
Obsoleted by RFC3110
RFC 2538
(was draft-ietf-dnssec-certs)
Storing Certificates in the Domain Name System (DNS) 1999-03 RFC 2538 (Proposed Standard)
Obsoleted by RFC4398
RFC 2539
(was draft-ietf-dnssec-dhk)
Storage of Diffie-Hellman Keys in the Domain Name System (DNS) 1999-03 RFC 2539 (Proposed Standard)
Updated by RFC6944
RFC 2540
(was draft-ietf-dnssec-ddi)
Detached Domain Name System (DNS) Information 1999-03 RFC 2540 (Experimental)
RFC 2541
(was draft-ietf-dnssec-secops)
DNS Security Operational Considerations 1999-03 RFC 2541 (Informational)
Obsoleted by RFC4641
RFC 3008
(was draft-ietf-dnsext-signing-auth)
Domain Name System Security (DNSSEC) Signing Authority 2000-11 RFC 3008 (Proposed Standard)
Updated by RFC3658
RFC 3130
(was draft-lewis-state-of-dnssec)
Notes from the State-Of-The-Technology: DNSSEC 2001-06 RFC 3130 (Informational)
RFC 3225
(was draft-ietf-dnsext-dnssec-okbit)
Indicating Resolver Support of DNSSEC 2001-12 RFC 3225 (Proposed Standard)
RFC 3226
(was draft-ietf-dnsext-message-size)
DNSSEC and IPv6 A6 aware server/resolver message size requirements 2001-12 RFC 3226 (Proposed Standard)
RFC 3445
(was draft-ietf-dnsext-restrict-key-for-dnssec)
Limiting the Scope of the KEY Resource Record (RR) 2002-12 RFC 3445 (Proposed Standard) Erik Nordmark
RFC 3755
(was draft-ietf-dnsext-dnssec-2535typecode-change)
Legacy Resolver Compatibility for Delegation Signer (DS) 2004-05 RFC 3755 (Proposed Standard)
Updated by RFC3757 , RFC3845
Thomas Narten
RFC 3845
(was draft-ietf-dnsext-nsec-rdata)
DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format 2004-08 RFC 3845 (Proposed Standard) Thomas Narten
RFC 4033
(was draft-ietf-dnsext-dnssec-intro)
DNS Security Introduction and Requirements 2005-03 RFC 4033 (Proposed Standard)
Updated by RFC6014 , RFC6840
Thomas Narten
RFC 4034
(was draft-ietf-dnsext-dnssec-records)
Resource Records for the DNS Security Extensions 2005-03 RFC 4034 (Proposed Standard) Thomas Narten
RFC 4035
(was draft-ietf-dnsext-dnssec-protocol)
Protocol Modifications for the DNS Security Extensions 2005-03 RFC 4035 (Proposed Standard) Thomas Narten
RFC 4431
(was draft-andrews-dlv-dns-rr)
The DNSSEC Lookaside Validation (DLV) DNS Resource Record 2006-02 RFC 4431 (Informational) Margaret Wasserman
RFC 4470
(was draft-ietf-dnsext-dnssec-online-signing)
Minimally Covering NSEC Records and DNSSEC On-line Signing 2006-04 RFC 4470 (Proposed Standard) Margaret Wasserman
RFC 4509
(was draft-ietf-dnsext-ds-sha256)
Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) 2006-05 RFC 4509 (Proposed Standard) Margaret Wasserman
RFC 4641
(was draft-ietf-dnsop-dnssec-operational-practices)
DNSSEC Operational Practices 2006-09 RFC 4641 (Informational)
Obsoleted by RFC6781
David Kessens
RFC 4955
(was draft-ietf-dnsext-dnssec-experiments)
DNS Security (DNSSEC) Experiments 2007-07 RFC 4955 (Proposed Standard) Mark Townsley
RFC 4956
(was draft-ietf-dnsext-dnssec-opt-in)
DNS Security (DNSSEC) Opt-In 2007-07 RFC 4956 (Experimental) Mark Townsley
RFC 4986
(was draft-ietf-dnsext-rollover-requirements)
Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover 2007-08 RFC 4986 (Informational) Mark Townsley
RFC 5011
(was draft-ietf-dnsext-trustupdate-timers)
Automated Updates of DNS Security (DNSSEC) Trust Anchors 2007-09 RFC 5011 (Internet Standard) Mark Townsley
RFC 5074
(was draft-weiler-dnssec-dlv)
DNSSEC Lookaside Validation (DLV) 2007-11 RFC 5074 (Informational) Russ Housley
RFC 5155
(was draft-ietf-dnsext-nsec3)
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence 2008-03 RFC 5155 (Proposed Standard)
Updated by RFC6840 , RFC6944
Mark Townsley
RFC 5702
(was draft-ietf-dnsext-dnssec-rsasha256)
Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC 2009-10 RFC 5702 (Proposed Standard)
Updated by RFC6944
Ralph Droms
RFC 5933
(was draft-ietf-dnsext-dnssec-gost)
Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC 2010-07 RFC 5933 (Proposed Standard)
Updated by RFC6944
Ralph Droms
RFC 6014
(was draft-ietf-dnsext-dnssec-alg-allocation)
Cryptographic Algorithm Identifier Allocation for DNSSEC 2010-11 RFC 6014 (Proposed Standard) Ralph Droms
RFC 6605
(was draft-ietf-dnsext-ecdsa)
Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC 2012-04 RFC 6605 (Proposed Standard) Ralph Droms
RFC 6725
(was draft-ietf-dnsext-dnssec-registry-update)
DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates 2012-08 RFC 6725 (Proposed Standard) Ralph Droms
RFC 6781
(was draft-ietf-dnsop-rfc4641bis)
DNSSEC Operational Practices, Version 2 2012-12 RFC 6781 (Informational) Ron Bonica
Peter Koch
RFC 6840
(was draft-ietf-dnsext-dnssec-bis-updates)
Clarifications and Implementation Notes for DNS Security (DNSSEC) 2013-02 RFC 6840 (Proposed Standard) Ralph Droms
Andrew Sullivan
RFC 6841
(was draft-ietf-dnsop-dnssec-dps-framework)
A Framework for DNSSEC Policies and DNSSEC Practice Statements 2013-01 RFC 6841 (Informational) Ron Bonica
Stephen Morris
RFC 6944
(was draft-ietf-dnsext-dnssec-algo-imp-status)
Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status 2013-04 RFC 6944 (Proposed Standard) Ralph Droms
RFC 6975
(was draft-ietf-dnsext-dnssec-algo-signal)
Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC) 2013-07 RFC 6975 (Proposed Standard) Ted Lemon
RFC 7344
(was draft-ietf-dnsop-delegation-trust-maintainance)
Automating DNSSEC Delegation Trust Maintenance 2014-09 RFC 7344 (Informational) Joel Jaeggli
Tim Wicinski