DNS Security RFCs
The first table below highlights DNSSEC RFCs, while the second table lists RFCs relating to DNS and its applicaation to DNS or network security.
Click a column heading to sort.
| RFC No. | RFC Title |
|---|---|
| 7646 | Definition and Use of DNSSEC Negative Trust Anchors |
| 7583 | DNSSEC Key Rollover Timing Considerations |
| 7344 | Automating DNSSEC Delegation Trust Maintenance |
| 7129 | Authenticated Denial of Existence in the DNS |
| 6975 | Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC) |
| 6944 | Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status |
| 6841 | A Framework for DNSSEC Policies and DNSSEC Practice Statements |
| 6840 | Clarifications and Implementation Notes for DNS Security (DNSSEC) |
| 6781 | DNSSEC Operational Practices Version 2 |
| 6725 | DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates |
| 6605 | Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC |
| 6024 | Trust Anchor Management Requirements |
| 5933 | Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC |
| 5910 | Domain Name System (DNS) Security Extenstions Mapping for the Extensible Provisioning Protocol (EPP) |
| 5702 | Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC |
| 5155 | DNS Security (DNSSEC) Hashed Authenticated Denial of Existence [NSEC3 NSEC3PARAM] |
| 5074 | DNSSEC Lookaside Validation (DLV) |
| 5011 | Automated Updates of DNS Security (DNSSEC) Trust Anchors |
| 4986 | Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover |
| 4956 | DNS Security (DNSSEC) Opt-In |
| 4955 | DNS Security (DNSSEC) Experiments |
| 4641 | DNSSEC Operational Practices |
| 4509 | Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) |
| 4471 | Derivation of DNS Name Predecessor and Successor |
| 4470 | Minimally Covering NSEC Records and DNSSEC On-line Signing |
| 4431 | The DNSSEC Lookaside Validation (DLV) Resource Record |
| 4035 | Protocol Modifications for the DNS Security Extensions |
| 4034 | Resource Records for DNS Security Extensions |
| 4033 | DNS Security Introduction and Requirements |
Non-DNSSEC DNS Security RFCs
Click a column heading to sort.
| RFC No. | RFC Title |
|---|---|
| 7673 | Using DNS-Based Authentication of Named Entities (DANE) TLSA Records with SRV Records |
| 7672 | SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) |
| 7671 | The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance |
| 7218 | Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE) |
| 7208 | Sender Policy Framework (SPF) for Authorizing Use of Domains in Email Version 1 |
| 6698 | The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA |
| 6651 | Extensions to DomainKeys Identified Mail (DKIM) for Failure Reporting |
| 6594 | Use of the SHA-256 Algorithm with RSA Digital Signature Algorithm (DSA) and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records |
| 6541 | DomainKeys Identified Mail (DKIM) Authorized Third-Party Signatures |
| 6394 | Use Cases and Requirements for DNS-Based Authentication of Named Entities (DANE) |
| 6377 | DomainKeys Identified Mail (DKIM) and Mailing Lists |
| 6376 | DomainKeys Identified Mail (DKIM) Signatures |
| 6024 | Trust Anchor Management Requirements |
| 5863 | DomainKeys Identified Mail (DKIM) Development Deployment and Operations |
| 5782 | DNS Blacklists and Whitelists |
| 5672 | RFC 4871 DomainKeys Identified Mail (DKIM) Signatures " Update |
| 5617 | DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP) |
| 5585 | DomainKeys Identified Mail (DKIM) Service Overview |
| 5452 | Measures for Making DNS More Resilient against Forged Answers |
| 5358 | Preventing Use of Recursive Nameservers in Reflector Attacks |
| 5016 | Requirements for a DomainKeys Identified Mail (DKIM) Signing Practices Protocol |
| 4871 | DomainKeys Identified Mail (DKIM) Signatures |
| 4686 | Analysis of Threats Motivating DomainKeys Identified Mail (DKIM) |
| 4398 | Storing Certificates in the Domain Name System (DNS) |
| 4255 | Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints |
| 3833 | Threat Analysis of the Domain Name System (DNS) |
| 3645 | Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG) |
| 3110 | RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS) |
| 3007 | Secure Domain Name System (DNS) Dynamic Update |
| 2931 | DNS Request and Transactional Signatures (SIG(0)s) |
| 2930 | Secret Key Establishment for DNS (TKEY RR) |
| 2845 | Secret Key Transaction Authentication for DNS (TSIG) |
| 2230 | Key Exchange Delegation Record for the DNS |