DNS related RFCs


This is an annotated list of Requests for Comments (RFCs) that are directly relevant to DNS, the Domain Name System. 114 DNS-related RFC documents are reviewed here. Inter-document dependencies are listed for a further 20 obsolete DNS-related RFC documents, as well as for some RFCs that are not directly related to DNS.

RFCs are distributed in text format, but where available, a link is provided to HTML versions of these documents. In each instance the text version is the official one; the HTML versions may contain inadvertent mistakes introduced during the conversion process.


RFC 3696 (Informational)
Application Techniques for Checking and Transformation of Names by J. Klensin
Summarises the syntax of valid DNS names, email addresses, and URLs, so that programmers can correctly apply local checking of input. Right now, many applications refuse to accept perfectly valid domain names, email addresses or URLs because of incorrect assumptions about their syntax. Should be read by overzealous coders everywhere, but that's probably a forlorn hope.
Feb-2004, checked 19-Mar-2004
RFC 3675 (Informational)
.sex Considered Dangerous by D. Eastlake 3rd
Every few weeks someone wants to classify Internet content based on domain names. This is a bad idea, and this document explains why. The main technical argument against content labels based on domain names is that nothing can be said about names where administration of the directory is distributed: it is trivial to create cross-links that either escape the segregation, or that cause harm to innocent bystanders. Instead, labels should be applied using a separate non-DNS rating mechanism. See also RFC 3467.
Feb-2004, checked 27-Feb-2004
RFC 3658 (Proposed Standard) updates RFC 1035, RFC 2535, RFC 3008 and RFC 3090
Delegation Signer (DS) Resource Record (RR) by O. Gudmundsson
Introduces the DS resource record, a major semantic change to the DNSSEC chain of trust, but one that should reduce the need for communication when keys change.
Dec-2003, checked 27-Feb-2004
RFC 3655 (Proposed Standard) updates RFC 2535
Redefinition of DNS Authenticated Data (AD) bit by B. Wellington and O. Gudmundsson
A step towards giving the AD bit a DNSSEC meaning, but the option to set it if the data "complies with local policy" means there is no incentive to change existing name servers. I fail to see how this redefinition achieves anything useful.
Nov-2003, checked 27-Feb-2004
RFC 3646 (Proposed Standard)
DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6) by R. Droms (editor)
Allows an IPv6 resolver to be configured using DHCPv6, by setting the list of recursive name servers and the domain search list.
Dec-2003, checked 27-Feb-2004
RFC 3645 (Proposed Standard) updates RFC 2845
Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG) by S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead and R. Hall
Defines a GSS compliant algorithm for TSIG. Five of the six authors were affiliated with Microsoft when this was published.
Oct-2003, checked 27-Feb-2004
RFC 3597 (Proposed Standard) updates RFC 2163 and RFC 2535
Handling of Unknown DNS Resource Record (RR) Types by A. Gustafsson
Mandates that DNS servers should accept, store and return records of unknown type as is. Long overdue, but increases the complexity of implementing DNSSEC and dynamic updates.
Sep-2003, checked 27-Feb-2004
RFC 3596 (Draft Standard) obsoletes RFC 1886 and RFC 3152
DNS Extensions to Support IP Version 6 by S. Thomson, C. Huitema, V. Ksinant and M. Souissi
Defines the AAAA record type and domain IP6.ARPA, and specifies that AAAA records must also be processed where previously only A records were.
Oct-2003, checked 27-Feb-2004
RFC 3492 (Proposed Standard)
Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA) by A. Costello
A (relatively) simple mapping of Unicode domain names into DNS hostnames.
Mar-2003, checked 27-Feb-2004
RFC 3491 (Proposed Standard)
Nameprep: A Stringprep Profile for Internationalized Domain Names (IDN) by P. Hoffman and M. Blanchet
A somewhat complex method for mapping Unicode domain names into DNS hostnames.
Mar-2003, checked 27-Feb-2004
RFC 3490 (Proposed Standard)
Internationalizing Domain Names in Applications (IDNA) by P. Faltstrom, P. Hoffman and A. Costello
Overall framework for mapping Unicode domain names into DNS hostnames. See also a critique.
Mar-2003, checked 27-Feb-2004
RFC 3467 (Informational)
Role of the Domain Name System (DNS) by J. Klensin
Describes the original motivation for DNS. Argues that it is not appropriate to shoehorn new applications into the DNS simply because the DNS infrastructure is widely deployed. Suggests that many applications, such as IDN, do not fit in with the design principles of DNS, and should be done outside of DNS. See also RFC 2825.
Feb-2003, checked 27-Feb-2004
RFC 3445 (Proposed Standard) updates RFC 2535
Limiting the Scope of the KEY Resource Record (RR) by D. Massey and S. Rose
Limits the use of KEY records to DNSSEC. Removes support for storing arbitrary application keys in KEY records (previously these were allowed).
Dec-2002, checked 27-Feb-2004
RFC 3425 (Proposed Standard) updates RFC 1035
Obsoleting IQUERY by D. Lawrence
Declares the IQUERY query type obsolete, since reverse DNS using PTR records achieves the same aims with much better behaviour.
Nov-2002, checked 27-Feb-2004
RFC 3405 (BCP 65)
Dynamic Delegation Discovery System (DDDS) Part Five: URI.ARPA Assignment Procedures by M. Mealling
Policies and procedures for URI.ARPA and URN.ARPA, as used by RFC 3404.
Oct-2002, checked 06-Mar-2004
RFC 3404 (Proposed Standard) obsoletes RFC 2915 and RFC 2168
Dynamic Delegation Discovery System (DDDS) Part Four: The Uniform Resource Identifiers (URI) Resolution Application by M. Mealling
Application of DDDS, using NAPTR records to transform URNs and URIs. Looks like an attempt to rescue the URI/URN endeavour, but I think there are too many new layers of indirection here for this to succeed.
Oct-2002, checked 27-Feb-2004
RFC 3403 (Proposed Standard) obsoletes RFC 2915 and RFC 2168
Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database by M. Mealling
Defines the NAPTR (Naming Authority Pointer) record type, which stores DDDS rules in the DNS database. Very general, but I think this is an instance where RFC 3467 applies.
Oct-2002, checked 27-Feb-2004
RFC 3402 (Proposed Standard) obsoletes RFC 2915 and RFC 2168
Dynamic Delegation Discovery System (DDDS) Part Two: The Algorithm by M. Mealling
Details of how DDDS transforms its input string, by applying rules fetched from a dynamic database. A nice generalisation of the DNS lookup algorithm, which can be viewed as a transformation of a domain name into the contents of the associated resource records via delegation rules stored in DNS servers. The level of abstraction is maybe too high to catch on with protocol designers.
Oct-2002, checked 27-Feb-2004
RFC 3401 (Informational) updates RFC 2276; obsoletes RFC 2915 and RFC 2168
Dynamic Delegation Discovery System (DDDS) Part One: The Comprehensive DDDS by M. Mealling
Overview of the documents comprising DDDS, which is an abstract method to transform strings using rules stored in a dynamic database.
Oct-2002, checked 27-Feb-2004
RFC 3368 (Proposed Standard)
The 'go' URI Scheme for the Common Name Resolution Protocol by M. Mealling
This seems to be the main purpose of CNRP: a keyword directory service, so that browsers can perform queries of the form go:Some%20Company%20Name and similar. The LDAP folks keep on trying to create a new protocol for the directory service role that the DNS has been shoehorned into; see also RFC 2517. DNS isn't a good general directory service, but I don't see it being bad enough that alternatives have enough room to become established.
Aug-2002, checked 27-Feb-2004
RFC 3367 (Proposed Standard)
Common Name Resolution Protocol (CNRP) by N. Popp, M. Mealling and M. Moseley
CNRP seems to consist of the useful bits of LDAP expressed in XML syntax; see also RFC 2168.
Aug-2002, checked 27-Feb-2004
RFC 3364 (Informational) updates RFC 2673 and RFC 2874
Tradeoffs in Domain Name System (DNS) Support for Internet Protocol version 6 (IPv6) by R. Austein
A critical comparison of AAAA (RFC 1886) versus A6 (RFC 2874) records for IPv6. See also RFC 3363.
Aug-2002, checked 27-Feb-2004
RFC 3363 (Informational) updates RFC 2673 and RFC 2874
Representing Internet Protocol version 6 (IPv6) Addresses in the Domain Name System (DNS) edited by R. Bush, A. Durand, B. Fink, O. Gudmundsson and T. Hain
Demotes RFC 2673 and RFC 2874 to Experimental status, as A6 records and binary labels for IPv6 addresses are no longer regarded as important. See also RFC 3364.
Aug-2002, checked 27-Feb-2004
RFC 3352 (Informational) obsoletes RFC 1798
Connection-less Lightweight Directory Access Protocol (CLDAP) to Historic Status by K. Zeilenga
The original attempt by LDAP to take over DNS failed, as detailed here.
Mar-2003, checked 27-Feb-2004
RFC 3263 (Proposed Standard) obsoletes RFC 2543
Session Initiation Protocol (SIP): Locating SIP Servers by J. Rosenberg and H. Schulzrinne
Details of how SIP uses NAPTR and SRV records to locate SIP servers.
Jun-2002, checked 12-Mar-2004
RFC 3258 (Informational)
Distributing Authoritative Name Servers via Shared Unicast Addresses by T. Hardie
How to use a single IP address for several name servers, using routing tricks. In fairly common use at large ISPs around the world. I think this deserves the status of a BCP.
Apr-2002, checked 27-Feb-2004
RFC 3254 (Informational)
Definitions for talking about directories by H. Alvestrand
Defines terms and a framework for classifying different types of directory services, and explains how several existing directories (such as DNS, the BGP routing information database, and SNMP MIBs) fit into this model.
Apr-2002, checked 27-Feb-2004
RFC 3245 (Informational)
The History and Context of Telephone Number Mapping (ENUM) Operational Decisions: Informational Documents Contributed to ITU-T Study Group 2 (SG2) by J. Klensin
Design decisions behind the ENUM mapping of E.164 telephone numbers into the DNS. See also RFC 2916.
Mar-2002, checked 27-Feb-2004
RFC 3226 (Proposed Standard) updates RFC 2535 and RFC 2874
DNSSEC and IPv6 A6 aware server/resolver message size requirements by O. Gudmundsson
Requires support for EDNS0 extensions for DNSSEC compliance, and also if A6 records are used (but see RFC 3363).
Dec-2001, checked 27-Feb-2004
RFC 3225 (Proposed Standard)
Indicating Resolver Support of DNSSEC by D. Conrad
Proposes using a bit in the extended EDNS0 header for resolvers to explicitly indicate that they support DNSSEC.
Dec-2001, checked 27-Feb-2004
RFC 3197 (Informational)
Applicability Statement for DNS MIB Extensions by R. Austein
Explains why the SNMP interface to DNS servers and resolvers was never implemented, and retires RFC 1611 and RFC 1612.
Nov-2001, checked 27-Feb-2004
RFC 3152 (BCP 49) updates RFC 1886 and RFC 2874; obsoleted by RFC 3596; also updates non-DNS related RFC 2553, RFC 2766 and RFC 2772
Aug-2001, checked 27-Feb-2004
RFC 3123 (Experimental)
A DNS RR Type for Lists of Address Prefixes (APL RR) by P. Koch
Defines record type APL, for lists of IP ranges in prefix/length notation. Could be useful when specifying access control lists, but not yet widely used.
Jun-2001, checked 27-Feb-2004
RFC 3110 (Proposed Standard) obsoletes RFC 2537
RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS) by D. Eastlake 3rd
Formats for RSA/SHA-1 SIG and RSA KEY records. The main change from RFC 2537 is replacement of MD5 with SHA-1 hashes.
May-2001, checked 27-Feb-2004
RFC 3090 (Proposed Standard) updates RFC 2535; updated by RFC 3658
DNS Security Extension Clarification on Zone Status by E. Lewis
Clarifies what it means for a zone to be secured, in the context of DNSSEC.
Mar-2001, checked 27-Feb-2004
RFC 3071 (Informational)
Reflections on the DNS, RFC 1591, and Categories of Domains by J. Klensin
A lament for the loss of sanity in DNS delegation close to the root of the IN namespace. Appears to be mostly aimed at ICANN and their often inexplicable treatment of TLDs. See also RFC 1591.
Feb-2001, checked 27-Feb-2004
RFC 3008 (Proposed Standard) updates RFC 2535; updated by RFC 3658
Domain Name System Security (DNSSEC) Signing Authority by B. Wellington
Requires zone data in a secure zone to be signed by the zone key, and restricts how SIG records can be applied by a secure resolver.
Nov-2000, checked 27-Feb-2004
RFC 3007 (Proposed Standard) updates RFC 2136 and RFC 2535; obsoletes RFC 2137
Secure Domain Name System (DNS) Dynamic Update by B. Wellington
Changes how secure dynamic updates should be performed in the DNSSEC framework.
Nov-2000, checked 27-Feb-2004
RFC 2972 (Informational)
Context and Goals for Common Name Resolution by N. Popp, M. Mealling, L. Masinter and K. Sollins
The philosophy of CNRP: seems sound, but I have reservations about practical adoption of the protocol. See also RFC 3367.
Oct-2000, checked 27-Feb-2004
RFC 2937 (Proposed Standard)
The Name Service Search Option for DHCP by C. Smith
An option for DHCP to specify the resolver name service search order. Similar to the way nsswitch.conf works to specify the order in which local host files, NIS, DNS, etc. are consulted.
Sep-2000, checked 27-Feb-2004
RFC 2931 (Proposed Standard) updates RFC 2535
DNS Request and Transaction Signatures ( SIG(0)s) by D. Eastlake 3rd
Tweaks the extended SIG(0) record type used in DNSSEC.
Sep-2000, checked 27-Feb-2004
RFC 2930 (Proposed Standard)
Secret Key Establishment for DNS (TKEY RR) by D. Eastlake 3rd
A way of distributing keys for TSIG records.
Sep-2000, checked 27-Feb-2004
RFC 2929 (BCP 42)
Domain Name System (DNS) IANA Considerations by D. Eastlake 3rd, E. Brunner-Williams and B. Manning
Defines which codes, flags and classes have been allocated, and how IANA will allocate new numbers. See also IANA official numbers.
Sep-2000, checked 27-Feb-2004
RFC 2916 (Proposed Standard)
E.164 number and DNS by P. Faltstrom
Specifies a mapping of E.164 telephone numbers into URIs using NAPTR records and domain names in the .E164.ARPA domain, similar to the way PTR records are used in .IN-ADDR.ARPA. Not widely used, and will likely be obsoleted by the Internet-Draft draft-ietf-enum-rfc2916bis. See also RFC 3245.
Sep-2000, checked 06-Mar-2004
RFC 2915 (Proposed Standard) updates RFC 2168; obsoleted by RFC 3401, RFC 3402, RFC 3403 and RFC 3404
Sep-2000
RFC 2874 (Experimental) updated by RFC 3152, RFC 3226, RFC 3363 and RFC 3364
DNS Extensions to Support IPv6 Address Aggregation and Renumbering by M. Crawford and C. Huitema
Introduces A6 records and the IP6.ARPA domain. See also RFC 3363.
Jul-2000
RFC 2870 (BCP 40) obsoletes RFC 2010
Root Name Server Operational Requirements by R. Bush, D. Karrenberg, M. Kosters and R. Plzak
How to run a root name server. Elicited some acrimonious debate on the dnsop mailing list during drafting.
Jun-2000
RFC 2845 (Proposed Standard) updates RFC 1035; updated by RFC 3645
Secret Key Transaction Authentication for DNS (TSIG) by P. Vixie, O. Gudmundsson, D. Eastlake 3rd and B. Wellington
Hashing protocol for authenticating DNS data, assuming that the endpoints share secret keys. These secret keys need to be distributed using some other mechanism, for instance RFC 3645 or RFC 2930.
May-2000, checked 27-Feb-2004
RFC 2832 (Informational)
NSI Registry Registrar Protocol (RRP) Version 1.1.0 by S. Hollenbeck and M. Srivastava
Protocol for sharing domain registration information between registries and registrars.
May-2000
RFC 2826 (Informational)
IAB Technical Comment on the Unique DNS Root by Internet Architecture Board
Reiterates that DNS is built on the technical assumption that each namespace has a unique root. Unfortunately, I don't think this argument is persuasive enough to deter the anti-ICANN brigade.
May-2000
RFC 2825 (Informational)
A Tangled Web: Issues of I18N, Domain Names, and the Other Internet protocols by Internet Architecture Board (L. Daigle, Editor)
A warning that internationalized domain names have many pitfalls. See also RFC 3467.
May-2000
RFC 2782 (Proposed Standard) obsoletes RFC 2052; updates RFC 1035
A DNS RR for specifying the location of services (DNS SRV) by A. Gulbrandsen, P. Vixie and L. Esibov
Introduced generalised SRV records for indirection, similar to MX records, for services other than mail. Also changed the SRV namespace to use leading underscore characters: "_TCP.example" instead of "TCP.example".
Feb-2000
RFC 2694 (Informational)
DNS extensions to Network Address Translators (DNS_ALG) by P. Srisuresh, G. Tsirtsis, P. Akkiraju and A. Heffernan
Proposes an application level gateway for DNS which modifies DNS payload to alter address mapping of hosts. This progressed without input from the DNSEXT community, so it is not interoperable with protocols such as DNSSEC. Widespread deployment of this protocol would probably cause a bunch of problems.
Sep-1999
RFC 2673 (Experimental) updated by RFC 3363 and RFC 3364
Binary Labels in the Domain Name System by M. Crawford
Defines a Bit-String label, which represents a sequence of single bit labels for storing records at any bit-boundary in the name tree. See also RFC 3363.
Aug-1999
RFC 2672 (Proposed Standard)
Non-Terminal DNS Name Redirection by M. Crawford
Defines DNAME record, which maps a subtree of the DNS to another domain: like a more general form of CNAME.
Aug-1999
RFC 2671 (Proposed Standard)
Extension mechanisms for DNS (EDNS0) by P. Vixie
Backward compatible mechanisms for growing the DNS protocol, to avoid exhaustion of the limited fixed fields. Note that this standard requires that implementations of newer features must also support all features of older versions. After extended discussion, a proposal for extensions based on this mechanism was never published. Overall, EDNS0 is not being widely used.
Aug-1999
RFC 2606 (BCP 32)
Reserved Top Level DNS Names by D. Eastlake 3rd and A. Panitz
Reserves new top-level and second-level domain names for testing and documentation: .EXAMPLE, .INVALID, .TEST, .LOCALHOST and EXAMPLE.{COM,NET,ORG}.
Jun-1999
RFC 2541 (Informational)
DNS Security Operational Considerations by