DNS Extensions (dnsext)
-----------------------

 Charter
 Last Modified: 2007-07-25

 Current Status: Active Working Group

 Chair(s):
     Olafur Gudmundsson  <ogud@ogud.com>

 Internet Area Director(s):
     Jari Arkko  <jari.arkko@piuha.net>
     Mark Townsley  <townsley@cisco.com>

 Internet Area Advisor:
     Mark Townsley  <townsley@cisco.com>

 Mailing Lists: 
     General Discussion:namedroppers@ops.ietf.org
     To Subscribe:      namedroppers-request@ops.ietf.org
     Archive:           http://ops.ietf.org/lists/namedroppers/

Description of Working Group:

DNS was originally specified in RFC's 1034 and 1035, with subsequent
updates.  Within the scope of this WG are DNS protocol issues,
including the specification of message formats, message handling, and
data formats used for DNS client-server and server-server
communication.

This WG is focused on advancing the zone transfer, update, notify
and DNSSECbis documents to Draft standard.

The WG works on solutions for DNSSEC deployment issues that may
require protocol modifications. Two of these issues are identified
and are worked on under the umbrella of this WG. 1] (a) method(s) to
prevent the possibility of trivial zone enumeration and 2] a method
for automated rollover of trust-anchors configured in validating
resolvers.

Issues surrounding the operation of DNS, recommendations concerning
the configuration of DNS servers, and other issues with the use of
the protocol are out of scope for this Working Group.  These issues
are considered in other venues, such as the DNS Operations Working
Group.

The DNSEXT Working Group sometimes uses an additional mailing list
for discussion of DNS Security related issues. This list is open to
all

   Discussion: dnssec@cafax.se
   To Subscribe: dnssec-request@cafax.se
   Archive:  http://www.cafax.se/dnssec/ and
            ftp://ftp.cafax.se/pub/archives/dnssec.list

The 2535bis document set was edited by a team. This team was
chartered with making editorial changes only, with all substantiative
changes discussed on the WG list. The archive of this editors-only
mailing list is available at:
   
   http://www.east.isi.edu/projects/DNSSEC
 
Specific work items are:

       o Advance the DNSSECbis document set through the standards
         process.

       o Clarification of RFC1034/1035 relating to DNSEXT ongoing work.
         + Clarification of wildcard processing rules.

       o After the work items above have been completed the working
         group will continue on reviewing the following existing
         proposed standard and examine if there is a possibility to
         progress them on the standards track.

         + RFC1995 (IXFR)  to Draft standard.
         + RFC1996 (Notify) to Draft standard.
         + RFC2136bis (Dynamic Update) to Draft Standard.
         + RFC2181 (Clarify) to IESG for advancement to Draft Standard.
         + RFC2308 (Neg Caching) to Draft Standard.
         + RFC2671 (EDNS0) to Draft Standard.
         + RFC2672 (DNAME) to Draft Standard, or revision.
         + RFC2845 (TSIG)to Draft standard.
         + RFC2930 (TKEY) to Draft standard.
         + RFC3007 (Secure Update) to Draft standard.
         + RFC3645 GSS/TSIG to Draft Standard         
         + RFC3??? AXFR clarify to Draft Standard.

       o Identify (a) method(s) to prevent the possibility of trivial
         zone enumeration.

       o Define a method for automated rollover of trust-anchors
         configured in validating resolvers.

       o Foster the development of Link Local Multicast Name
         Resolution (LLMNR) standard. The WG has taken up this work
         since LLMNR it is very similar to the DNS protocol.  LLMNR is
         targeted as proposed standard.

The lifetime of the group is set by the work items above but while
these are ongoing the working group has additional tasks:

       o Reviewing and providing recommendations about the 
         specification, by other working groups, of RR types that do 
not
         require any special processing and that do not require any 
         special naming conventions.

 Goals and Milestones:

   Done         Forward NSEC rdata to IESG for Proposed Standard 

   Done         Forward RFC2535-bis to IESG for proposed standard 

   Done         Forward Case Insensitive to IESG for Proposed Standard 

   Done         Forward LLMNR to IESG for Proposed Standard 

   Done         Update boilerplate text on OPT-IN 

   Done         Forward Wildcard clarification to IESG for proposed standard 

   Feb 2007       Submit KEY algorithm documents RFC253[69]bis and RFC3110 to 
                IESG for proposed standard 

   Done         Finalize Zone Enumeration Requirements 

   Jun 2007       Start of process of reviewing the following RFCs and to move 
                them to Draft Standard status 

   Jul 2007       RFC2930 (TKEY) to Draft standard 

   Jul 2007       RFC2181 (Clarify) to Draft Standard 

   Jul 2007       RFC2136 (Dynamic Update) to Draft Standard 

   Jul 2007       RFC2308 (Neg Caching) to Draft Standard 

   Jul 2007       RFC3007 (Secure Update) to Draft Standard 

   Jul 2007       RFC2782 (SRV RR) to Draft Standard 

   Jul 2007       RFC2671 (EDNS0) to Draft Standard 

   Jul 2007       RFC1995 (IXFR) to Draft standard 

   Jul 2007       RFC2672 (DNAME) to Draft Standard or revision 

   Jul 2007       RFC1996 (Notify) to Draft Standard 

   Jul 2007       Submit to IESG RFC2845 (TSIG)to Draft standard 

   Jul 2007       RFC1982 (Serial Number Arithmetic) 

   Jul 2007       RFC2538 (CERT RR) to Draft Standard 

   Jul 2007       FRC2539 (DH Key RR) to Draft Standard 

   Jul 2007       RFC3226 (Message Size) to Draft Standard 


 Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Jun 2004 Jul 2007   <draft-ietf-dnsext-dnssec-trans-05.txt>
                Evaluating DNSSEC Transition Mechanisms 

Jan 2005 Dec 2007   <draft-ietf-dnsext-nsec3-13.txt>
                DNSSEC Hashed Authenticated Denial of Existence 

May 2005 Nov 2007   <draft-ietf-dnsext-dnssec-bis-updates-06.txt>
                Clarifications and Implementation Notes for DNSSECbis 

Jul 2005 Aug 2007   <draft-ietf-dnsext-2929bis-06.txt>
                Domain Name System (DNS) IANA Considerations 

Feb 2006 Dec 2007   <draft-ietf-dnsext-dnssec-rsasha256-02.txt>
                Use of SHA-2 algorithms with RSA in DNSKEY and RRSIG Resource 
                Records for DNSSEC 

Sep 2006 Dec 2007   <draft-ietf-dnsext-rfc2672bis-dname-07.txt>
                Update to DNAME Redirection in the DNS 

Jan 2007 Aug 2007   <draft-ietf-dnsext-forgery-resilience-01.txt>
                Measures for making DNS more resilient against forged answers 

 Request For Comments:

  RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC2782 PS   Feb 2000    A DNS RR for specifying the location of services (DNS 
                       SRV) 

RFC2845Standard  Jun 2000    Secret Key Transaction Authentication for DNS (TSIG) 

RFC2929BCP  Sep 2000    Domain Name System (DNS) IANA Considerations 

RFC2930 PS   Sep 2000    Secret Key Establishment for DNS (TKEY RR) 

RFC2931 PS   Sep 2000    DNS Request and Transaction Signatures ( SIG(0)s ) 

RFC3008 PS   Dec 2000    Domain Name System Security (DNSSEC) Signing Authority 

RFC3007 PS   Dec 2000    Secure Domain Name System (DNS) Dynamic Update 

RFC3090 PS   Mar 2001    DNS Security Extension Clarification on Zone Status 

RFC3110 PS   May 2001    RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System 
                       (DNS) 

RFC3123 E    Jun 2001    A DNS RR Type for Lists of Address Prefixes (APL RR) 

RFC3197 I    Nov 2001    Applicability Statement for DNS MIB Extensions 

RFC3226 PS   Dec 2001    DNSSEC and IPv6 A6 aware server/resolver message size 
                       requirements 

RFC3225 PS   Dec 2001    Indicating Resolver Support of DNSSEC 

RFC3363 I    Aug 2002    Representing IPv6 addresses in DNS 

RFC3364 I    Aug 2002    Tradeoffs in DNS support for IPv6 

RFC3425 PS   Nov 2002    Obsoleting IQUERY 

RFC3445 PS   Dec 2002    Limiting the Scope of the KEY Resource Record out 

RFC3597 PS   Sep 2003    Handling of Unknown DNS Resource Record (RR) Types 

RFC3596Standard  Oct 2003    DNS Extensions to support IP version 6 

RFC3645Standard  Oct 2003    GSS Algorithm for TSIG (GSS-TSIG) 

RFC3655Standard  Nov 2003    Redefinition of DNS AD bit 

RFC3658Standard  Dec 2003    Delegation Signer Resource Record 

RFC3755Standard  May 2004    Legacy Resolver Compatibility for Delegation Signer 

RFC3757Standard  May 2004    KEY RR Secure Entry Point Flag 

RFC3845Standard  Aug 2004    DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format 

RFC3833 I    Aug 2004    Threat Analysis Of The Domain Name System 

RFC4035Standard  Apr 2005    Protocol Modifications for the DNS Security Extensions 

RFC4034Standard  Apr 2005    Resource Records for the DNS Security Extensions 

RFC4033Standard  Apr 2005    DNS Security Introduction and Requirements 

RFC4343Standard  Jan 2006    Domain Name System (DNS) Case Insensitivity 
                       Clarification 

RFC4398 PS   Mar 2006    Storing Certificates in the Domain Name System (DNS) 

RFC4470 PS   Apr 2006    Minimally Covering NSEC Records and DNSSEC On-line 
                       Signing 

RFC4509 PS   May 2006    Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource 
                       Records (RRs) 

RFC4592 PS   Jul 2006    The Role of Wildcards in the Domain Name System 

RFC4635 PS   Aug 2006    HMAC SHA (Hashed Message Authentication Code, Secure 
                       Hash Algorithm) TSIG Algorithm Identifiers 

RFC4471 E    Sep 2006    Derivation of DNS Name Predecessor and Successor 

RFC4701 PS   Oct 2006    A DNS Resource Record (RR) for Encoding Dynamic Host 
                       Configuration Protocol (DHCP) Information (DHCID RR) 

RFC4795 I    Jan 2007    Link-local Multicast Name Resolution (LLMNR) 

RFC4956 E    Jul 2007    DNS Security (DNSSEC) Opt-In 

RFC4955 PS   Jul 2007    DNS Security (DNSSEC) Experiments 

RFC5001 PS   Aug 2007    DNS Name Server Identifier Option (NSID) 

RFC4986 I    Aug 2007    Requirements Related to DNS Security (DNSSEC) Trust 
                       Anchor Rollover 

RFC5011 PS   Sep 2007    Automated Updates of DNS Security (DNSSEC) Trust Anchors