DNS Extensions (dnsext)
-----------------------

 Charter
 Last Modified: 2010-11-10

 Current Status: Active Working Group

 Chair(s):
     Olafur Gudmundsson  <ogud@ogud.com>
     Andrew Sullivan  <ajs@shinkuro.com>

 Internet Area Director(s):
     Ralph Droms  <rdroms.ietf@gmail.com>
     Jari Arkko  <jari.arkko@piuha.net>

 Internet Area Advisor:
     Ralph Droms  <rdroms.ietf@gmail.com>

 Mailing Lists: 
     General Discussion:dnsext@ietf.org
     To Subscribe:      https://www.ietf.org/mailman/listinfo/dnsext
     Archive:           http://www.ietf.org/mail-archive/web/dnsext/

Description of Working Group:

The DNS has a large installed base and repertoire of protocol
specifications. The DNSEXT WG group will actively advance DNS
protocol-related RFCs on the standards track while thoroughly
reviewing further proposed extensions. The scope of the DNSEXT WG is
confined to the DNS protocol, particularly changes that affect DNS
protocols "on the wire" or the internal processing of DNS data. DNS
operations are out of scope for the WG.

The WG will limit itself to review of proposals for new extensions
and clarification to the DNS protocol, including DNSSEC. Adoption of
new work targeted for standards track will require changes to this
charter.

The working group can nevertheless undertake work in following
subjects without a charter change:
	DNSSEC and TSIG/TKEY algorithm maintenance
	Hardening DNS protocol and providing guidance to implementors
	Advancing existing Proposed Standard RFCs to Draft/Full Standard
	Obsoleting RFCs.
	Maintaining a Wiki containing a guide to DNS protocol RFC's. 
	Improving DNS zone synchronization mechanisms 
	Examining transport protocols, possibly adding new ones.

Before formal adoption of any such items at least 5 working group
participants must publicly state that the item is within charter and is
worthwhile item for further study.

The DNSEXT WG will conduct the specified RFC5395 review of RR
templates as they are posted, and EDNS0 Option templates if EDNS0-bis
updates registration requirements.

The WG will review DNS protocol related work which may originate
elsewhere in the IETF, including AD-sponsored submissions or drafts
in other working group. The WG does not intend to hold face to face
meetings, though may do so if deemed necessary for resolution of a
specific issue at hand.

 Goals and Milestones:

   Done         Forward NSEC rdata to IESG for Proposed Standard 

   Done         Forward RFC2535-bis to IESG for proposed standard 

   Done         Forward Case Insensitive to IESG for Proposed Standard 

   Done         Forward LLMNR to IESG for Proposed Standard 

   Done         Update boilerplate text on OPT-IN 

   Done         Forward Wildcard clarification to IESG for proposed standard 

   Done         Finalize Zone Enumeration Requirements 

   Done         RFC2538 (CERT RR) to Draft Standard 

   Done         Forgery Resilience advanced to IESG 

   Done         GOST DNSKEY and DS support advanced to IESG 

   Jan 2010       DNSKEY Registry fixes and allocation procedure advanced to IESG 

   Done         AXFR Clarify to IESG 

   Feb 2010       DNS existing transport protocol recommendations/clarifications 
                to IESG 

   Feb 2010       RFC3597-bis Unknown RR advanced to IESG for PS 

   Feb 2010       TSIG/MD5 Obsoleting to IESG. 

   Feb 2010       DNSSEC Errata document to IESG 

   Mar 2010       EDNS0-bis update advanced to IESG 


 Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
May 2005 Nov 2010   <draft-ietf-dnsext-dnssec-bis-updates-12.txt>
                Clarifications and Implementation Notes for DNSSECbis 

Sep 2006 Dec 2010   <draft-ietf-dnsext-rfc2672bis-dname-21.txt>
                Update to DNAME Redirection in the DNS 

Dec 2007 Nov 2010   <draft-ietf-dnsext-rfc2671bis-edns0-04.txt>
                Extension Mechanisms for DNS (EDNS0) 

Sep 2009 Feb 2010   <draft-ietf-dnsext-rfc3597-bis-02.txt>
                Handling of Unknown DNS Resource Record (RR) Types 

Oct 2009 Aug 2010   <draft-ietf-dnsext-dnssec-registry-fixes-06.txt>
                Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm 
                IANA Registry 

Nov 2010 Nov 2010   <draft-ietf-dnsext-dnssec-algo-signal-00.txt>
                Signaling Cryptographic Algorithm Understanding in DNSSEC 

Nov 2010 Nov 2010   <draft-ietf-dnsext-5395bis-02.txt>
                Domain Name System (DNS) IANA Considerations 

 Request For Comments:

  RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC2782 PS   Feb 2000    A DNS RR for specifying the location of services (DNS 
                       SRV) 

RFC2845Standard  Jun 2000    Secret Key Transaction Authentication for DNS (TSIG) 

RFC2929BCP  Sep 2000    Domain Name System (DNS) IANA Considerations 

RFC2930 PS   Sep 2000    Secret Key Establishment for DNS (TKEY RR) 

RFC2931 PS   Sep 2000    DNS Request and Transaction Signatures ( SIG(0)s ) 

RFC3008 PS   Dec 2000    Domain Name System Security (DNSSEC) Signing Authority 

RFC3007 PS   Dec 2000    Secure Domain Name System (DNS) Dynamic Update 

RFC3090 PS   Mar 2001    DNS Security Extension Clarification on Zone Status 

RFC3110 PS   May 2001    RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System 
                       (DNS) 

RFC3123 E    Jun 2001    A DNS RR Type for Lists of Address Prefixes (APL RR) 

RFC3197 I    Nov 2001    Applicability Statement for DNS MIB Extensions 

RFC3225 PS   Dec 2001    Indicating Resolver Support of DNSSEC 

RFC3226 PS   Dec 2001    DNSSEC and IPv6 A6 aware server/resolver message size 
                       requirements 

RFC3364 I    Aug 2002    Tradeoffs in DNS support for IPv6 

RFC3363 I    Aug 2002    Representing IPv6 addresses in DNS 

RFC3425 PS   Nov 2002    Obsoleting IQUERY 

RFC3445 PS   Dec 2002    Limiting the Scope of the KEY Resource Record out 

RFC3597 PS   Sep 2003    Handling of Unknown DNS Resource Record (RR) Types 

RFC3596Standard  Oct 2003    DNS Extensions to support IP version 6 

RFC3645Standard  Oct 2003    GSS Algorithm for TSIG (GSS-TSIG) 

RFC3655Standard  Nov 2003    Redefinition of DNS AD bit 

RFC3658Standard  Dec 2003    Delegation Signer Resource Record 

RFC3755Standard  May 2004    Legacy Resolver Compatibility for Delegation Signer 

RFC3757Standard  May 2004    KEY RR Secure Entry Point Flag 

RFC3845Standard  Aug 2004    DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format 

RFC3833 I    Aug 2004    Threat Analysis Of The Domain Name System 

RFC4035Standard  Apr 2005    Protocol Modifications for the DNS Security Extensions 

RFC4034Standard  Apr 2005    Resource Records for the DNS Security Extensions 

RFC4033Standard  Apr 2005    DNS Security Introduction and Requirements 

RFC4343Standard  Jan 2006    Domain Name System (DNS) Case Insensitivity 
                       Clarification 

RFC4398 PS   Mar 2006    Storing Certificates in the Domain Name System (DNS) 

RFC4470 PS   Apr 2006    Minimally Covering NSEC Records and DNSSEC On-line 
                       Signing 

RFC4509 PS   May 2006    Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource 
                       Records (RRs) 

RFC4592 PS   Jul 2006    The Role of Wildcards in the Domain Name System 

RFC4635 PS   Aug 2006    HMAC SHA (Hashed Message Authentication Code, Secure 
                       Hash Algorithm) TSIG Algorithm Identifiers 

RFC4471 E    Sep 2006    Derivation of DNS Name Predecessor and Successor 

RFC4701 PS   Oct 2006    A DNS Resource Record (RR) for Encoding Dynamic Host 
                       Configuration Protocol (DHCP) Information (DHCID RR) 

RFC4795 I    Jan 2007    Link-local Multicast Name Resolution (LLMNR) 

RFC4955 PS   Jul 2007    DNS Security (DNSSEC) Experiments 

RFC4956 E    Jul 2007    DNS Security (DNSSEC) Opt-In 

RFC5001 PS   Aug 2007    DNS Name Server Identifier Option (NSID) 

RFC4986 I    Aug 2007    Requirements Related to DNS Security (DNSSEC) Trust 
                       Anchor Rollover 

RFC5011 PS   Sep 2007    Automated Updates of DNS Security (DNSSEC) Trust Anchors 

RFC5155 PS   Mar 2008    DNS Security (DNSSEC) Hashed Authenticated Denial of 
                       Existence 

RFC5395BCP  Nov 2008    Domain Name System (DNS) IANA Considerations 

RFC5452 PS   Jan 2009    Measures for Making DNS More Resilient against Forged 
                       Answers 

RFC5625BCP  Aug 2009    DNS Proxy Implementation Guidelines 

RFC5702 PS   Oct 2009    Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG 
                       Resource Records for DNSSEC 

RFC5936 PS   Jun 2010    DNS Zone Transfer Protocol (AXFR) 

RFC5933 PS   Jul 2010    Use of GOST Signature Algorithms in DNSKEY and RRSIG 
                       Resource Records for DNSSEC 

RFC5966 PS   Aug 2010    DNS Transport over TCP - Implementation Requirements 

RFC6014 PS   Nov 2010    Cryptographic Algorithm Identifier Allocation for DNSSEC