DNS Extensions (dnsext)
-----------------------

 Charter
 Last Modified: 2010-11-10

 Current Status: Active Working Group

 Chair(s):
     Olafur Gudmundsson
     Andrew Sullivan

 Internet Area Director(s):
     Ralph Droms
     Jari Arkko

 Internet Area Advisor:
     Ralph Droms

 Mailing Lists:
     General Discussion: dnsext@ietf.org
     To Subscribe: https://www.ietf.org/mailman/listinfo/dnsext
     Archive: http://www.ietf.org/mail-archive/web/dnsext/

Description of Working Group:

The DNS has a large installed base and repertoire of protocol
specifications. The DNSEXT WG will actively advance DNS
protocol-related RFCs on the standards track while thoroughly
reviewing further proposed extensions. The scope of the DNSEXT WG is
confined to the DNS protocol, particularly changes that affect DNS
protocols "on the wire" or the internal processing of DNS data. DNS
operations are out of scope for the WG.

The WG will limit itself to review of proposals for new extensions and
clarification to the DNS protocol, including DNSSEC. Adoption of new
work targeted for standards track will require changes to this charter.

The working group can nevertheless undertake work in the following
subjects without a charter change:

  - DNSSEC and TSIG/TKEY algorithm maintenance
  - Hardening DNS protocol and providing guidance to implementors
  - Advancing existing Proposed Standard RFCs to Draft/Full Standard
  - Obsoleting RFCs
  - Maintaining a Wiki containing a guide to DNS protocol RFCs
  - Improving DNS zone synchronization mechanisms
  - Examining transport protocols, possibly adding new ones

Before formal adoption of any such item, at least 5 working group
participants must publicly state that the item is within charter and
is a worthwhile item for further study.

The DNSEXT WG will conduct the specified RFC5395 review of RR templates
as they are posted, and EDNS0 Option templates if EDNS0-bis updates
registration requirements.

The WG will review DNS protocol related work which may originate
elsewhere in the IETF, including AD-sponsored submissions or drafts in
other working groups.

The WG does not intend to hold face to face meetings, though it may do
so if deemed necessary for resolution of a specific issue at hand.

Goals and Milestones:

  Done      Forward NSEC rdata to IESG for Proposed Standard
  Done      Forward RFC2535-bis to IESG for proposed standard
  Done      Forward Case Insensitive to IESG for Proposed Standard
  Done      Forward LLMNR to IESG for Proposed Standard
  Done      Update boilerplate text on OPT-IN
  Done      Forward Wildcard clarification to IESG for proposed standard
  Done      Finalize Zone Enumeration Requirements
  Done      RFC2538 (CERT RR) to Draft Standard
  Done      Forgery Resilience advanced to IESG
  Done      GOST DNSKEY and DS support advanced to IESG
  Jan 2010  DNSKEY Registry fixes and allocation procedure advanced to IESG
  Done      AXFR Clarify to IESG
  Feb 2010  DNS existing transport protocol recommendations/clarifications to IESG
  Feb 2010  RFC3597-bis Unknown RR advanced to IESG for PS
  Feb 2010  TSIG/MD5 Obsoleting to IESG.
  Feb 2010  DNSSEC Errata document to IESG
  Mar 2010  EDNS0-bis update advanced to IESG

Internet-Drafts:

  Posted    Revised   I-D Title
  --------  --------  --------------------------------------------
  May 2005  Nov 2010  Clarifications and Implementation Notes for DNSSECbis
  Sep 2006  Oct 2010  Update to DNAME Redirection in the DNS
  Dec 2007  Nov 2010  Extension Mechanisms for DNS (EDNS0)
  Sep 2009  Feb 2010  Handling of Unknown DNS Resource Record (RR) Types
  Oct 2009  Aug 2010  Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry
  Nov 2010  Nov 2010  Signaling Cryptographic Algorithm Understanding in DNSSEC
  Nov 2010  Nov 2010  Domain Name System (DNS) IANA Considerations

Request For Comments:

  RFC      Stat      Published   Title
  -------  --------  ----------  ------------------------------------
  RFC2782  PS        Feb 2000    A DNS RR for specifying the location of services (DNS SRV)
  RFC2845  Standard  Jun 2000    Secret Key Transaction Authentication for DNS (TSIG)
  RFC2929  BCP       Sep 2000    Domain Name System (DNS) IANA Considerations
  RFC2930  PS        Sep 2000    Secret Key Establishment for DNS (TKEY RR)
  RFC2931  PS        Sep 2000    DNS Request and Transaction Signatures ( SIG(0)s )
  RFC3008  PS        Dec 2000    Domain Name System Security (DNSSEC) Signing Authority
  RFC3007  PS        Dec 2000    Secure Domain Name System (DNS) Dynamic Update
  RFC3090  PS        Mar 2001    DNS Security Extension Clarification on Zone Status
  RFC3110  PS        May 2001    RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)
  RFC3123  E         Jun 2001    A DNS RR Type for Lists of Address Prefixes (APL RR)
  RFC3197  I         Nov 2001    Applicability Statement for DNS MIB Extensions
  RFC3225  PS        Dec 2001    Indicating Resolver Support of DNSSEC
  RFC3226  PS        Dec 2001    DNSSEC and IPv6 A6 aware server/resolver message size requirements
  RFC3364  I         Aug 2002    Tradeoffs in DNS support for IPv6
  RFC3363  I         Aug 2002    Representing IPv6 addresses in DNS
  RFC3425  PS        Nov 2002    Obsoleting IQUERY
  RFC3445  PS        Dec 2002    Limiting the Scope of the KEY Resource Record out
  RFC3597  PS        Sep 2003    Handling of Unknown DNS Resource Record (RR) Types
  RFC3596  Standard  Oct 2003    DNS Extensions to support IP version 6
  RFC3645  Standard  Oct 2003    GSS Algorithm for TSIG (GSS-TSIG)
  RFC3655  Standard  Nov 2003    Redefinition of DNS AD bit
  RFC3658  Standard  Dec 2003    Delegation Signer Resource Record
  RFC3755  Standard  May 2004    Legacy Resolver Compatibility for Delegation Signer
  RFC3757  Standard  May 2004    KEY RR Secure Entry Point Flag
  RFC3845  Standard  Aug 2004    DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format
  RFC3833  I         Aug 2004    Threat Analysis Of The Domain Name System
  RFC4035  Standard  Apr 2005    Protocol Modifications for the DNS Security Extensions
  RFC4034  Standard  Apr 2005    Resource Records for the DNS Security Extensions
  RFC4033  Standard  Apr 2005    DNS Security Introduction and Requirements
  RFC4343  Standard  Jan 2006    Domain Name System (DNS) Case Insensitivity Clarification
  RFC4398  PS        Mar 2006    Storing Certificates in the Domain Name System (DNS)
  RFC4470  PS        Apr 2006    Minimally Covering NSEC Records and DNSSEC On-line Signing
  RFC4509  PS        May 2006    Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)
  RFC4592  PS        Jul 2006    The Role of Wildcards in the Domain Name System
  RFC4635  PS        Aug 2006    HMAC SHA (Hashed Message Authentication Code, Secure Hash Algorithm) TSIG Algorithm Identifiers
  RFC4471  E         Sep 2006    Derivation of DNS Name Predecessor and Successor
  RFC4701  PS        Oct 2006    A DNS Resource Record (RR) for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR)
  RFC4795  I         Jan 2007    Link-local Multicast Name Resolution (LLMNR)
  RFC4955  PS        Jul 2007    DNS Security (DNSSEC) Experiments
  RFC4956  E         Jul 2007    DNS Security (DNSSEC) Opt-In
  RFC5001  PS        Aug 2007    DNS Name Server Identifier Option (NSID)
  RFC4986  I         Aug 2007    Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover
  RFC5011  PS        Sep 2007    Automated Updates of DNS Security (DNSSEC) Trust Anchors
  RFC5155  PS        Mar 2008    DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
  RFC5395  BCP       Nov 2008    Domain Name System (DNS) IANA Considerations
  RFC5452  PS        Jan 2009    Measures for Making DNS More Resilient against Forged Answers
  RFC5625  BCP       Aug 2009    DNS Proxy Implementation Guidelines
  RFC5702  PS        Oct 2009    Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
  RFC5936  PS        Jun 2010    DNS Zone Transfer Protocol (AXFR)
  RFC5933  PS        Jul 2010    Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC
  RFC5966  PS        Aug 2010    DNS Transport over TCP - Implementation Requirements
  RFC6014  PS        Nov 2010    Cryptographic Algorithm Identifier Allocation for DNSSEC