DNS Extensions (dnsext)
-----------------------

 Charter
 Last Modified: 2006-03-30

 Current Status: Active Working Group

 Chair(s):
     Olafur Gudmundsson  <ogud@ogud.com>
     Olaf Kolkman  <olaf@nlnetlabs.nl>

 Internet Area Director(s):
     Jari Arkko  <jari.arkko@piuha.net>
     Mark Townsley  <townsley@cisco.com>

 Internet Area Advisor:
     Mark Townsley  <townsley@cisco.com>

 Mailing Lists: 
     General Discussion: namedroppers@ops.ietf.org
     To Subscribe:      namedroppers-request@ops.ietf.org
     Archive:           http://ops.ietf.org/lists/namedroppers/

Description of Working Group:

DNS was originally specified in RFCs 1034 and 1035, with subsequent
updates.  Within the scope of this WG are DNS protocol issues,
including the specification of message formats, message handling, and
data formats used for DNS client-server and server-server
communication.

This WG is focused on advancing the zone transfer, update, notify
and DNSSECbis documents to Draft standard.

The WG works on solutions for DNSSEC deployment issues that may
require protocol modifications. Two of these issues are identified
and are worked on under the umbrella of this WG. 1] (a) method(s) to
prevent the possibility of trivial zone enumeration and 2] a method
for automated rollover of trust-anchors configured in validating
resolvers.

Issues surrounding the operation of DNS, recommendations concerning
the configuration of DNS servers, and other issues with the use of
the protocol are out of scope for this Working Group.  These issues
are considered in other venues, such as the DNS Operations Working
Group.

The DNSEXT Working Group sometimes uses an additional mailing list
for discussion of DNS Security related issues. This list is open to
all.

   Discussion: dnssec@cafax.se
   To Subscribe: dnssec-request@cafax.se
   Archive:  http://www.cafax.se/dnssec/ and
            ftp://ftp.cafax.se/pub/archives/dnssec.list

The 2535bis document set was edited by a team. This team was
chartered with making editorial changes only, with all substantive
changes discussed on the WG list. The archive of this editors-only
mailing list is available at:
   
   http://www.east.isi.edu/projects/DNSSEC
 
Specific work items are:

       o Advance the DNSSECbis document set through the standards
         process.

       o Clarification of RFC1034/1035 relating to DNSEXT ongoing work.
         + Clarification of wildcard processing rules.

       o After the work items above have been completed, the working
         group will continue by reviewing the following existing
         proposed standards and examining whether it is possible to
         progress them on the standards track.

         + RFC1995 (IXFR)  to Draft standard.
         + RFC1996 (Notify) to Draft standard.
         + RFC2136bis (Dynamic Update) to Draft Standard.
         + RFC2181 (Clarify) to IESG for advancement to Draft Standard.
         + RFC2308 (Neg Caching) to Draft Standard.
         + RFC2671 (EDNS0) to Draft Standard.
         + RFC2672 (DNAME) to Draft Standard, or revision.
         + RFC2845 (TSIG) to Draft standard.
         + RFC2930 (TKEY) to Draft standard.
         + RFC3007 (Secure Update) to Draft standard.
         + RFC3645 GSS/TSIG to Draft Standard.
         + RFC3??? AXFR clarify to Draft Standard.

       o Identify (a) method(s) to prevent the possibility of trivial
         zone enumeration.

       o Define a method for automated rollover of trust-anchors
         configured in validating resolvers.

       o Foster the development of the Link Local Multicast Name
         Resolution (LLMNR) standard. The WG has taken up this work
         since LLMNR is very similar to the DNS protocol.  LLMNR is
         targeted as proposed standard.

The lifetime of the group is set by the work items above but while
these are ongoing the working group has additional tasks:

       o Reviewing and providing recommendations about the
         specification, by other working groups, of RR types that do
         not require any special processing and that do not require
         any special naming conventions.

 Goals and Milestones:

   Done         Forward NSEC rdata to IESG for Proposed Standard 

   Done         Forward RFC2535-bis to IESG for proposed standard 

   Done         Forward Case Insensitive to IESG for Proposed Standard 

   Done         Forward LLMNR to IESG for Proposed Standard 

   Feb 2005       Update boilerplate text on OPT-IN 

   Feb 2005       Submit KEY algorithm documents RFC253[69]bis and RFC3110 to 
                IESG for proposed standard 

   Mar 2005       Finalize Zone Enumeration Requirements 

   Done         Forward Wildcard clarification to IESG for proposed standard 

   Apr 2005       Start of process of reviewing the following RFCs and to move 
                them to Draft Standard status 

   May 2005       Submit to IESG RFC2845 (TSIG) to Draft standard 

   Jun 2005       RFC2671 (EDNS0) to Draft Standard 

   Jun 2005       RFC2672 (DNAME) to Draft Standard or revision 

   Jul 2005       RFC2136 (Dynamic Update) to Draft Standard 

   Jul 2005       RFC3007 (Secure Update) to Draft Standard 

   Jul 2005       RFC1995 (IXFR) to Draft standard 

   Jul 2005       RFC1996 (Notify) to Draft Standard 

   Sep 2005       RFC2930 (TKEY) to Draft standard 

   Sep 2005       RFC2181 (Clarify) to Draft Standard 

   Sep 2005       RFC2308 (Neg Caching) to Draft Standard 

   Nov 2005       RFC2782 (SRV RR) to Draft Standard 

   Nov 2005       RFC1982 (Serial Number Arithmetic) 

   Nov 2005       RFC2539 (DH Key RR) to Draft Standard 

   Nov 2005       RFC3226 (Message Size) to Draft Standard 

   Done         RFC2538 (CERT RR) to Draft Standard 


 Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Jul 2000 Mar 2006   <draft-ietf-dnsext-dhcid-rr-13.txt>
                A DNS RR for Encoding DHCP Information (DHCID RR) 

Nov 2000 Aug 2006   <draft-ietf-dnsext-mdns-47.txt>
                Link-local Multicast Name Resolution (LLMNR) 

Jun 2001 Jun 2006   <draft-ietf-dnsext-dnssec-opt-in-09.txt>
                DNSSEC Opt-In 

Jul 2001 Oct 2006   <draft-ietf-dnsext-rfc2536bis-dsa-08.txt>
                DSA Keying and Signature Information in the DNS 

Jul 2001 Oct 2006   <draft-ietf-dnsext-rfc2539bis-dhk-08.txt>
                Storage of Diffie-Hellman Keying Information in the DNS 

Jul 2001 Apr 2006   <draft-ietf-dnsext-ecc-key-09.txt>
                Elliptic Curve Keys and Signatures in the Domain Name System 
                (DNS) 

Jun 2004 Jun 2006   <draft-ietf-dnsext-dnssec-trans-04.txt>
                Evaluating DNSSEC Transition Mechanisms 

Sep 2004 Jun 2006   <draft-ietf-dnsext-signed-nonexistence-requirements-03.txt>
                Requirements related to DNSSEC Signed Proof of Non-Existence 

Oct 2004 Sep 2006   <draft-ietf-dnsext-trustupdate-timers-04.txt>
                Automated Updates of DNSSEC Trust Anchors 

Jan 2005 Aug 2006   <draft-ietf-dnsext-nsec3-07.txt>
                DNSSEC Hashed Authenticated Denial of Existence 

Feb 2005 Apr 2006   <draft-ietf-dnsext-dnssec-experiments-03.txt>
                DNSSEC Experiments 

May 2005 Oct 2006   <draft-ietf-dnsext-dnssec-bis-updates-04.txt>
                Clarifications and Implementation Notes for DNSSECbis 

Jul 2005 Jun 2006   <draft-ietf-dnsext-2929bis-03.txt>
                Domain Name System (DNS) IANA Considerations 

Sep 2005 Jun 2006   <draft-ietf-dnsext-nsid-02.txt>
                DNS Name Server Identifier Option (NSID) 

Feb 2006 Sep 2006   <draft-ietf-dnsext-rollover-requirements-03.txt>
                Requirements related to DNSSEC Trust Anchor Rollover 

Sep 2006 Sep 2006   <draft-ietf-dnsext-rfc2672bis-dname-00.txt>
                Update to DNAME Redirection 

 Request For Comments:

  RFC    Stat      Published   Title
-------  --------  ----------  ------------------------------------
RFC2782  PS        Feb 2000    A DNS RR for specifying the location of services (DNS
                               SRV)

RFC2845  Standard  Jun 2000    Secret Key Transaction Authentication for DNS (TSIG)

RFC2929  BCP       Sep 2000    Domain Name System (DNS) IANA Considerations

RFC2930  PS        Sep 2000    Secret Key Establishment for DNS (TKEY RR)

RFC2931  PS        Sep 2000    DNS Request and Transaction Signatures ( SIG(0)s )

RFC3007  PS        Dec 2000    Secure Domain Name System (DNS) Dynamic Update

RFC3008  PS        Dec 2000    Domain Name System Security (DNSSEC) Signing Authority

RFC3090  PS        Mar 2001    DNS Security Extension Clarification on Zone Status

RFC3110  PS        May 2001    RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System
                               (DNS)

RFC3123  E         Jun 2001    A DNS RR Type for Lists of Address Prefixes (APL RR)

RFC3197  I         Nov 2001    Applicability Statement for DNS MIB Extensions

RFC3225  PS        Dec 2001    Indicating Resolver Support of DNSSEC

RFC3226  PS        Dec 2001    DNSSEC and IPv6 A6 aware server/resolver message size
                               requirements

RFC3363  I         Aug 2002    Representing IPv6 addresses in DNS

RFC3364  I         Aug 2002    Tradeoffs in DNS support for IPv6

RFC3425  PS        Nov 2002    Obsoleting IQUERY

RFC3445  PS        Dec 2002    Limiting the Scope of the KEY Resource Record out

RFC3597  PS        Sep 2003    Handling of Unknown DNS Resource Record (RR) Types

RFC3596  Standard  Oct 2003    DNS Extensions to support IP version 6

RFC3645  Standard  Oct 2003    GSS Algorithm for TSIG (GSS-TSIG)

RFC3655  Standard  Nov 2003    Redefinition of DNS AD bit

RFC3658  Standard  Dec 2003    Delegation Signer Resource Record

RFC3755  Standard  May 2004    Legacy Resolver Compatibility for Delegation Signer

RFC3757  Standard  May 2004    KEY RR Secure Entry Point Flag

RFC3845  Standard  Aug 2004    DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format

RFC3833  I         Aug 2004    Threat Analysis Of The Domain Name System

RFC4035  Standard  Apr 2005    Protocol Modifications for the DNS Security Extensions

RFC4034  Standard  Apr 2005    Resource Records for the DNS Security Extensions

RFC4033  Standard  Apr 2005    DNS Security Introduction and Requirements

RFC4343  Standard  Jan 2006    Domain Name System (DNS) Case Insensitivity
                               Clarification

RFC4398  PS        Mar 2006    Storing Certificates in the Domain Name System (DNS)

RFC4470  PS        Apr 2006    Minimally Covering NSEC Records and DNSSEC On-line
                               Signing

RFC4509  PS        May 2006    Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource
                               Records (RRs)

RFC4592  PS        Jul 2006    The Role of Wildcards in the Domain Name System

RFC4635  PS        Aug 2006    HMAC SHA (Hashed Message Authentication Code, Secure
                               Hash Algorithm) TSIG Algorithm Identifiers

RFC4471  E         Sep 2006    Derivation of DNS Name Predecessor and Successor