Current Meeting Report

2.2.2 DNS Extensions (dnsext)

NOTE: This charter is a snapshot of the 53rd IETF Meeting in Minneapolis, MN USA. It may now be out-of-date. Last Modified: 30-Jan-02
Olafur Gudmundsson <>
Randy Bush <>
Internet Area Director(s):
Thomas Narten <>
Erik Nordmark <>
Internet Area Advisor:
Erik Nordmark <>
Mailing Lists:
To Subscribe:
Description of Working Group:
NOTE: The DNSEXT Working Group actually uses two additional mailing lists.

DNS Security: To Subscribe: Archive: and Key Distribution: To Subscribe: Archive:

The DNSEXT Working Group has assumed the RFCs and drafts of both the DNSSEC and DNSIND working groups. DNS is originally specified in RFC's 1034 and 1035, with subsequent updates. Within the scope of this WG are protocol issues, including message formats, message handling, and data formats. New work items and milestones may be added from time-to-time with the approval of the Working Group and the IESG.

Issues surrounding the operation of DNS, recommendations concerning the configuration of DNS servers, and other issues with the use of the protocol are out of this Working Group's charter. These issues are considered in other venues, such as operational issues in the DNS Operations Working Group.

Broad topics under consideration in DNSEXT are dynamic update, notify, zone transfers, security and adjustments to address the requirements of IPv6 addressing. Security topics, mostly inherited from the erstwhile DNS Security Extensions Working Group, will be addressed in cooperation with the DNS Operations Working Group.

The principal task within this Working Group is to advance several documents describing proposed extensions to DNS. The current list of documents under consideration for advancement is:

Title RFC Status

DNS Server MIB Extensions RFC1611 Proposed

DNS Resolver MIB Extensions RFC1612 Proposed

Serial Number Arithmetic RFC1982 Proposed

Incremental Zone transfer RFC1995 Proposed

Notify RFC1996 Proposed

DNS SRV service location RFC2052 Experimental

Dynamic Update RFC2136 Proposed

Security for Dynamic Update RFC2137 Proposed

Clarification to DNS RFC2181 Proposed

Negative Caching RFC2308 Proposed

DNS Security Extensions RFC2535 Proposed

DSA KEYs and SIGs RFC2536 Proposed

RSA KEYs and SIGs RFC2537 Proposed

Storing Certificates RFC2538 Proposed

Diffie-Hellman Keys RFC2539 Proposed

Extensions to DNS0 RFC2671 Proposed

Non-Terminal DNS names RFC2672 Proposed

Binary Labels RFC2673 Proposed

Other specific work items are:

o TSIG - transaction signatures in (dnsind-tsig-xx.txt)

o TKEY - Secret Key establishment for DNS (dnsind-tkey-xx.txt)

o Securing dynamic update (dnsind-simple-secure-update-xx.txt)

o Protocol clarifications and corrections for DNSSEC (draft-ietf-dnsind-sig-zero-xx.txt) (draft-ietf-dnsind-zone-secure-xx.txt)

o Clarifications for IANA in DNS assignments (draft-ietf-dnsind-iana-dns-xx.txt)

o Documentation of the zone transfer protocol (AXFR)

o Retirement of DNS MIB's RFC's

New work items may be added from time-to-time with the approval of the Working Group and the IESG.

Goals and Milestones:
Done   Advance RFC2052bis to RFC.
Jan 00   Advance RFC1996 for Draft standard.
Done   Advance TKEY and IANA considerations for IESG consideration
Feb 00   RFC1995bis and AXFR advanced for Proposed
Done   SIG(0) advanced for IESG consideration
Mar 00   RFC2136bis advanced for Proposed standard
Mar 00   IXFR (RFC1995bis) interoperabilty testing complete
Apr 00   Serial Number Arithmetic, Notify and DNS Clarify advanced to Draft Standard.
Apr 00   RFC1611 and RFC1612 status chaned to historic.
May 00   RFC2308bis advanced for IESG consideration.
Done   Secure update completed and ready for IESG consideration
Done   RFC2137 Obsoleted
Jun 00   Request that TSIG be advanced to Draft Standard
Jul 00   Revised DNSSEC submitted for advancement to Draft Standard
Request For Comments:
RFC2782PSA DNS RR for specifying the location of services (DNS SRV)
RFC2845S Secret Key Transaction Authentication for DNS (TSIG)
RFC2929 Domain Name System (DNS) IANA Considerations
RFC2930PSSecret Key Establishment for DNS (TKEY RR)
RFC2931PSDNS Request and Transaction Signatures ( SIG(0)s )
RFC3007PSSecure Domain Name System (DNS) Dynamic Update
RFC3008PSDomain Name System Security (DNSSEC) Signing Authority
RFC3090PSDNS Security Extension Clarification on Zone Status
RFC3110PSRSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)
RFC3123E A DNS RR Type for Lists of Address Prefixes (APL RR)
RFC3225PSIndicating Resolver Support of DNSSEC
RFC3226PSDNSSEC and IPv6 A6 aware server/resolver message size requirements

Current Meeting Report

None received.


None received.