DNS RFC Reference
The DNS is defined by a large number of RFCs, many of which have been extensively updated or obsoleted. This chapter aims to provide a roadmap and reference for this confusing space. The chapter does not aim to be encyclopedically complete, however, as the key information would then be lost in the noise. The curious are encouraged to click on the “Updated by” links on the IETF pages to see the finer points, or the “Obsoletes” links to go spelunking into the history of the DNS.
DNSSEC gets its own section instead of being included in the “Core” list because there are many DNSSEC-related RFCs and it’s helpful to group them together. It’s not a statement that DNSSEC isn’t part of the “Core” of the DNS.
The IANA DNS Parameters registry is the official reference site for all DNS constants.
Core RFCs
- RFC 1034
Introduction to the DNS and description of basic behavior.
- RFC 1035
The core DNS wire protocol and master file format.
- RFC 1995
Incremental zone transfer (IXFR).
- RFC 1996
The NOTIFY protocol.
- RFC 2181
Clarifications to the specification.
- RFC 2308
Negative Caching.
- RFC 2845
Transaction Signatures (TSIG)
- RFC 3007
Dynamic Updates
- RFC 3597
Handling of Unknown DNS Resource Record (RR) Types
- RFC 3645
GSS-TSIG.
- RFC 5936
Zone transfers (AXFR).
- RFC 6891
EDNS (version 0)
- RFC 7830
The EDNS(0) Padding Option
- RFC 8020
Clarification on the meaning of NXDOMAIN.
- RFC 8467
Padding Policies for Extension Mechanisms for DNS (EDNS(0))
- RFC 8914
Extended DNS Errors
DNSSEC RFCs
- RFC 4033
Introduction and requirements.
- RFC 4034
Resource records.
- RFC 4035
Protocol.
- RFC 4470
Minimally covering NSEC records and On-line Signing.
- RFC 4471
Derivation of DNS Name Predecessor and Successor.
- RFC 5155
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence. [NSEC3]
- RFC 5702
Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC.
- RFC 6605
Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC.
- RFC 6781
Operational Practices, Version 2.
- RFC 6840
Clarifications and Implementation Notes.
- RFC 7583
Key Rollover Timing Considerations.
- RFC 8080
Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC.
- RFC 8624
Algorithm Implementation Requirements and Usage Guidance for DNSSEC.
- RFC 9157
Revised IANA Considerations for DNSSEC.
Misc RFCs
Additional Transport RFCs
RFCs for RR types
There are many more RR types than are listed here; if a type is not listed, it is obsolete, deprecated, or rare “in the wild”. Some types that are currently rare are listed because they may well be more heavily used in the not-too-distant future. See the IANA DNS Parameters registry for a complete list.
- A
- AAAA
- CAA
- CDNSKEY
- CDS
- CNAME
- CSYNC
- DNAME
- DNSKEY
- DS
- HTTPS
- LOC
- MX
- NAPTR
- NS
- NSEC
- NSEC3
- NSEC3PARAM
- OPENPGPKEY
- PTR
- RRSIG
- SMIMEA
- SOA
- SPF
- SRV
- SSHFP
- SVCB
- TLSA
- TXT
- ZONEMD