DNS RFC Reference

The DNS is defined by a large number of RFCs, many of which have been extensively updated or obsoleted. This chapter aims to provide a roadmap and reference for this confusing space. The chapter does not aim to be encyclopedically complete, however, as the key information would then be lost in the noise. The curious are encouraged to click on the “Updated by” links on the IETF pages to see the finer points, or the “Obsoletes” links to go spelunking into the history of the DNS.

DNSSEC gets its own section instead of being included in the “Core” list because there are many DNSSEC-related RFCs and it’s helpful to group them together. It’s not a statement that DNSSEC isn’t part of the “Core” of the DNS.

The IANA DNS Parameters registry is the official reference site for all DNS constants.

Core RFCs

RFC 1034

Introduction to the DNS and description of basic behavior.

RFC 1035

The core DNS wire protocol and master file format.

RFC 1995

Incremental zone transfer (IXFR).

RFC 1996

The NOTIFY protocol.

RFC 2181

Clarifications to the specification.

RFC 2308

Negative Caching.

RFC 2845

Transaction Signatures (TSIG)

RFC 3007

Dynamic Updates

RFC 3597

Handling of Unknown DNS Resource Record (RR) Types

RFC 3645

GSS-TSIG.

RFC 5936

Zone transfers (AXFR).

RFC 6891

EDNS (version 0)

RFC 7830

The EDNS(0) Padding Option

RFC 8020

Clarification on the meaning of NXDOMAIN.

RFC 8467

Padding Policies for Extension Mechanisms for DNS (EDNS(0))

RFC 8914

Extended DNS Errors

DNSSEC RFCs

RFC 4033

Introduction and requirements.

RFC 4034

Resource records.

RFC 4035

Protocol.

RFC 4470

Minimally covering NSEC records and On-line Signing.

RFC 4471

Derivation of DNS Name Predecessor and Successor.

RFC 5155

DNS Security (DNSSEC) Hashed Authenticated Denial of Existence. [NSEC3]

RFC 5702

Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC.

RFC 6605

Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC.

RFC 6781

Operational Practices, Version 2.

RFC 6840

Clarifications and Implementation Notes.

RFC 7583

Key Rollover Timing Considerations.

RFC 8080

Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC.

RFC 8624

Algorithm Implementation Requirements and Usage Guidance for DNSSEC.

RFC 9157

Revised IANA Considerations for DNSSEC.

Misc RFCs

RFC 1101

Reverse mapping name form for IPv4.

RFC 1982

Serial number arithmetic.

RFC 4343

Case-sensitivity clarification.

RFC 7871

Client Subnet in DNS Queries

RFC 7873

Domain Name System (DNS) Cookies

RFC 8499

DNS Terminology.

Additional Transport RFCs

RFC 7858

Specification for DNS over Transport Layer Security (TLS).

RFC 8484

DNS Queries over HTTPS (DoH).

RFC 9250

DNS over Dedicated QUIC Connections.

RFCs for RR types

There are many more RR types than are listed here; if a type is not listed, it is obsolete, deprecated, or rare “in the wild”. Some types that are currently rare are listed because they may well be more heavily used in the not-too-distant future. See the IANA DNS Parameters registry for a complete list.

A

RFC 1035

AAAA

RFC 3596

CAA

RFC 8659

CDNSKEY

RFC 7344

CDS

RFC 7344

CNAME

RFC 1035

CSYNC

RFC 7477

DNAME

RFC 6672

DNSKEY

RFC 4034

DS

RFC 4034

HTTPS

RFC 9460

LOC

RFC 1876

MX

RFC 1035

NAPTR

RFC 3403

NS

RFC 1035

NSEC

RFC 4034

NSEC3

RFC 5155

NSEC3PARAM

RFC 5155

OPENPGPKEY

RFC 7929

PTR

RFC 1035

RRSIG

RFC 4034

SMIMEA

RFC 8162

SOA

RFC 1035

SPF

RFC 7208

SRV

RFC 2782

SSHFP

RFC 4255

SVCB

RFC 9460

TLSA

RFC 6698

TXT

RFC 1035

ZONEMD

RFC 8976