2.7.1 Interim Meeting - DNS Extensions (dnsext)

NOTE: This charter is a snapshot of the 77th IETF Meeting in Anaheim, California USA. It may now be out-of-date.

Last Modified: 2010-01-11


Chair(s):

Olafur Gudmundsson <ogud@ogud.com>
Andrew Sullivan <ajs@shinkuro.com>

Internet Area Director(s):

Ralph Droms <rdroms.ietf@gmail.com>
Jari Arkko <jari.arkko@piuha.net>

Internet Area Advisor:

Ralph Droms <rdroms.ietf@gmail.com>

Mailing Lists:

General Discussion: namedroppers@ops.ietf.org
To Subscribe: namedroppers-request@ops.ietf.org
Archive: http://ops.ietf.org/lists/namedroppers/

Description of Working Group:

The DNS has a large installed base and repertoire of protocol
specifications. The DNSEXT WG will actively advance DNS
protocol-related RFCs on the standards track while thoroughly
reviewing further proposed extensions. The scope of the DNSEXT WG is
confined to the DNS protocol, particularly changes that affect DNS
protocols "on the wire" or the internal processing of DNS data. DNS
operations are out of scope for the WG.

The WG will limit itself to review of proposals for new extensions
and clarification to the DNS protocol, including DNSSEC. Adoption of
new work targeted for standards track will require changes to this

The working group can nevertheless undertake work in the following
subjects without a charter change:

  • DNSSEC and TSIG/TKEY algorithm maintenance
  • Hardening DNS protocol and providing guidance to implementors
  • Advancing existing Proposed Standard RFCs to Draft/Full Standard
  • Obsoleting RFCs
  • Maintaining a Wiki containing a guide to DNS protocol RFCs
  • Improving DNS zone synchronization mechanisms
  • Examining transport protocols, possibly adding new ones

Before formal adoption of any such items, at least 5 working group
participants must publicly state that the item is within charter and is
a worthwhile item for further study.

The DNSEXT WG will conduct the specified RFC5395 review of RR
templates as they are posted, and EDNS0 Option templates if EDNS0-bis
updates registration requirements.

The WG will review DNS protocol related work which may originate
elsewhere in the IETF, including AD-sponsored submissions or drafts
in other working groups. The WG does not intend to hold face-to-face
meetings, though it may do so if deemed necessary for resolution of a
specific issue at hand.

Goals and Milestones:

Done  Forward NSEC rdata to IESG for Proposed Standard
Done  Forward RFC2535-bis to IESG for proposed standard
Done  Forward Case Insensitive to IESG for Proposed Standard
Done  Forward LLMNR to IESG for Proposed Standard
Done  Update boilerplate text on OPT-IN
Done  Forward Wildcard clarification to IESG for proposed standard
Done  Finalize Zone Enumeration Requirements
Done  RFC2538 (CERT RR) to Draft Standard
Done  Forgery Resilience advanced to IESG
Done  GOST DNSKEY and DS support advanced to IESG
Jan 2010  DNSKEY Registry fixes and allocation procedure advanced to IESG
Jan 2010  AXFR Clarify to IESG
Feb 2010  DNS existing transport protocol recommendations/clarifications to IESG
Feb 2010  RFC3597-bis Unknown RR advanced to IESG for PS
Feb 2010  TSIG/MD5 Obsoleting to IESG.
Feb 2010  DNSSEC Errata document to IESG
Mar 2010  EDNS0-bis update advanced to IESG


    Internet-Drafts:

  • draft-ietf-dnsext-axfr-clarify-14.txt
  • draft-ietf-dnsext-dnssec-bis-updates-11.txt
  • draft-ietf-dnsext-rfc2672bis-dname-19.txt
  • draft-ietf-dnsext-rfc2671bis-edns0-03.txt
  • draft-ietf-dnsext-dnssec-alg-allocation-03.txt
  • draft-ietf-dnsext-dnssec-gost-07.txt
  • draft-ietf-dnsext-rfc3597-bis-02.txt
  • draft-ietf-dnsext-dns-tcp-requirements-03.txt
  • draft-ietf-dnsext-dnssec-registry-fixes-04.txt

    Request For Comments:

    RFC2782 PS A DNS RR for specifying the location of services (DNS SRV)
    RFC2845 Standard Secret Key Transaction Authentication for DNS (TSIG)
    RFC2929 BCP Domain Name System (DNS) IANA Considerations
    RFC2930 PS Secret Key Establishment for DNS (TKEY RR)
    RFC2931 PS DNS Request and Transaction Signatures ( SIG(0)s )
    RFC3007 PS Secure Domain Name System (DNS) Dynamic Update
    RFC3008 PS Domain Name System Security (DNSSEC) Signing Authority
    RFC3090 PS DNS Security Extension Clarification on Zone Status
    RFC3110 PS RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)
    RFC3123 E A DNS RR Type for Lists of Address Prefixes (APL RR)
    RFC3197 I Applicability Statement for DNS MIB Extensions
    RFC3225 PS Indicating Resolver Support of DNSSEC
    RFC3226 PS DNSSEC and IPv6 A6 aware server/resolver message size requirements
    RFC3363 I Representing IPv6 addresses in DNS
    RFC3364 I Tradeoffs in DNS support for IPv6
    RFC3425 PS Obsoleting IQUERY
    RFC3445 PS Limiting the Scope of the KEY Resource Record (RR)
    RFC3596 Standard DNS Extensions to support IP version 6
    RFC3597 PS Handling of Unknown DNS Resource Record (RR) Types
    RFC3645 Standard GSS Algorithm for TSIG (GSS-TSIG)
    RFC3655 Standard Redefinition of DNS AD bit
    RFC3658 Standard Delegation Signer Resource Record
    RFC3755 Standard Legacy Resolver Compatibility for Delegation Signer
    RFC3757 Standard KEY RR Secure Entry Point Flag
    RFC3833 I Threat Analysis Of The Domain Name System
    RFC3845 Standard DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format
    RFC4033 Standard DNS Security Introduction and Requirements
    RFC4034 Standard Resource Records for the DNS Security Extensions
    RFC4035 Standard Protocol Modifications for the DNS Security Extensions
    RFC4343 Standard Domain Name System (DNS) Case Insensitivity Clarification
    RFC4398 PS Storing Certificates in the Domain Name System (DNS)
    RFC4470 PS Minimally Covering NSEC Records and DNSSEC On-line Signing
    RFC4471 E Derivation of DNS Name Predecessor and Successor
    RFC4509 PS Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)
    RFC4592 PS The Role of Wildcards in the Domain Name System
    RFC4635 PS HMAC SHA (Hashed Message Authentication Code, Secure Hash Algorithm) TSIG Algorithm Identifiers
    RFC4701 PS A DNS Resource Record (RR) for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR)
    RFC4795 I Link-local Multicast Name Resolution (LLMNR)
    RFC4955 PS DNS Security (DNSSEC) Experiments
    RFC4956 E DNS Security (DNSSEC) Opt-In
    RFC4986 I Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover
    RFC5001 PS DNS Name Server Identifier Option (NSID)
    RFC5011 PS Automated Updates of DNS Security (DNSSEC) Trust Anchors
    RFC5155 PS DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
    RFC5395 BCP Domain Name System (DNS) IANA Considerations
    RFC5452 PS Measures for Making DNS More Resilient against Forged Answers
    RFC5625 BCP DNS Proxy Implementation Guidelines
    RFC5702 PS Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
