DNS RFC Reference¶
The DNS is defined by a large number of RFCs, many of which have been extensively updated or obsoleted. This chapter aims to provide a roadmap and reference for this confusing space. The chapter does not aim to be encyclopedically complete, however, as the key information would then be lost in the noise. The curious are encouraged to click on the “Updated by” links on the IETF pages to see the finer points, or the “Obsoletes” links to go spelunking into the history of the DNS.
DNSSEC gets its own section instead of being included in the “Core” list because there are many DNSSEC related RFCs and it’s helpful to group them together. It’s not a statement that DNSSEC isn’t part of the “Core” of the DNS.
The IANA DNS Parameters registry is the official reference site for all DNS constants.
- RFC 1034
Introduction to the DNS and description of basic behavior.
- RFC 1035
The core DNS wire protocol and master file format.
- RFC 1995
Incremental zone transfer (IXFR).
- RFC 1996
The NOTIFY protocol.
- RFC 2181
Clarifications to the specification.
- RFC 2308
- RFC 2845
Transaction Signatures (TSIG)
- RFC 3007
- RFC 3645
Note that dnspython does not currently have GSS-TSIG support. GSS-TSIG is most frequently used when updating Microsoft Active-Directory-based DNS servers.
- RFC 5936
Zone transfers (AXFR).
- RFC 6891
EDNS (version 0)
- RFC 8020
Clarification on the meaning of NXDOMAIN.
- RFC 4033
Introduction and requirements.
- RFC 4034
- RFC 4035
- RFC 4470
Minimally covering NSEC records and On-line Signing.
- RFC 5155
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence. [NSEC3]
- RFC 6781
Operational Practices, Version 2.
- RFC 6840
Clarifications and Implementation Notes.
- RFC 7583
Key Rollover Timing Considerations.
- RFC 8624
Algorithm Implementation Requirements and Usage Guidance for DNSSEC.
- RFC 9157
Revised IANA Considerations for DNSSEC.
Additional Transport RFCs¶
RFCs for RR types¶
There are many more RR types than are listed here; if a type is not listed it means it is obsolete, deprecated, or rare “in the wild”. Some types that are currently rare are listed because they may well be more heavily used in the not-to-distant future. See the IANA DNS Parameters registry for a complete list.