DNS Security: dnssec@cafax.se To Subscribe: dnssec-request@cafax.se Archive: http://www.cafax.se/dnssec/ and ftp://ftp.cafax.se/pub/archives/dnssec.list Key Distribution: keydist@cafax.se To Subscribe: keydist-request@cafax.se Archive: ftp://ftp.cafax.se/pub/archives/keydist.list
The DNSEXT Working Group has assumed the RFCs and drafts of both the DNSSEC and DNSIND working groups. DNS is originally specified in RFC's 1034 and 1035, with subsequent updates. Within the scope of this WG are protocol issues, including message formats, message handling, and data formats. New work items and milestones may be added from time-to-time with the approval of the Working Group and the IESG.
Issues surrounding the operation of DNS, recommendations concerning the configuration of DNS servers, and other issues with the use of the protocol are out of this Working Group's charter. These issues are considered in other venues, such as operational issues in the DNS Operations Working Group.
Broad topics under consideration in DNSEXT are dynamic update, notify, zone transfers, security and adjustments to address the requirements of IPv6 addressing. Security topics, mostly inherited from the erstwhile DNS Security Extensions Working Group, will be addressed in cooperation with the DNS Operations Working Group.
The principal task within this Working Group is to advance several documents describing proposed extensions to DNS. The current list of documents under consideration for advancement is:
Title RFC Status
DNS Server MIB Extensions RFC1611 Proposed
DNS Resolver MIB Extensions RFC1612 Proposed
Serial Number Arithmetic RFC1982 Proposed
Incremental Zone transfer RFC1995 Proposed
Notify RFC1996 Proposed
DNS SRV service location RFC2052 Experimental
Dynamic Update RFC2136 Proposed
Security for Dynamic Update RFC2137 Proposed
Clarification to DNS RFC2181 Proposed
Negative Caching RFC2308 Proposed
DNS Security Extensions RFC2535 Proposed
DSA KEYs and SIGs RFC2536 Proposed
RSA KEYs and SIGs RFC2537 Proposed
Storing Certificates RFC2538 Proposed
Diffie-Hellman Keys RFC2539 Proposed
Extensions to DNS0 RFC2671 Proposed
Non-Terminal DNS names RFC2672 Proposed
Binary Labels RFC2673 Proposed
Other specific work items are:
o TSIG - transaction signatures in (dnsind-tsig-xx.txt)
o TKEY - Secret Key establishment for DNS (dnsind-tkey-xx.txt)
o Securing dynamic update (dnsind-simple-secure-update-xx.txt)
o Protocol clarifications and corrections for DNSSEC (draft-ietf-dnsind-sig-zero-xx.txt) (draft-ietf-dnsind-zone-secure-xx.txt)
o Clarifications for IANA in DNS assignments (draft-ietf-dnsind-iana-dns-xx.txt)
o Documentation of the zone transfer protocol (AXFR)
o Retirement of DNS MIB's RFC's
New work items may be added from time-to-time with the approval of the Working Group and the IESG.
Done |    | Advance RFC2052bis to RFC. |
Jan 00 |    | Advance RFC1996 for Draft standard. |
Done |    | Advance TKEY and IANA considerations for IESG consideration |
Feb 00 |    | RFC1995bis and AXFR advanced for Proposed |
Done |    | SIG(0) advanced for IESG consideration |
Mar 00 |    | RFC2136bis advanced for Proposed standard |
Mar 00 |    | IXFR (RFC1995bis) interoperabilty testing complete |
Apr 00 |    | Serial Number Arithmetic, Notify and DNS Clarify advanced to Draft Standard. |
Apr 00 |    | RFC1611 and RFC1612 status chaned to historic. |
May 00 |    | RFC2308bis advanced for IESG consideration. |
Done |    | Secure update completed and ready for IESG consideration |
Done |    | RFC2137 Obsoleted |
Jun 00 |    | Request that TSIG be advanced to Draft Standard |
Jul 00 |    | Revised DNSSEC submitted for advancement to Draft Standard |
RFC | Status | Title |
RFC2782 | PS | A DNS RR for specifying the location of services (DNS SRV) |
RFC2845 | S | Secret Key Transaction Authentication for DNS (TSIG) |
RFC2929 | Domain Name System (DNS) IANA Considerations | |
RFC2930 | PS | Secret Key Establishment for DNS (TKEY RR) |
RFC2931 | PS | DNS Request and Transaction Signatures ( SIG(0)s ) |
RFC3007 | PS | Secure Domain Name System (DNS) Dynamic Update |
RFC3008 | PS | Domain Name System Security (DNSSEC) Signing Authority |
RFC3090 | PS | DNS Security Extension Clarification on Zone Status |
RFC3110 | PS | RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS) |
RFC3123 | E | A DNS RR Type for Lists of Address Prefixes (APL RR) |
RFC3225 | PS | Indicating Resolver Support of DNSSEC |
RFC3226 | PS | DNSSEC and IPv6 A6 aware server/resolver message size requirements |