DNS-related RFCs with Community Annotations

This site is an informal list of RFCs that relate to the DNS. The RFCs have informal annotations that might be useful to DNS implementes and security researchers. The list of DNS-related RFCs and the annotations were collected by ICANN for the benefit of the DNS community. They are not at all a part of the RFC creation process; that process happens completely within the IETF.

The value of the project is mostly in the in-line annotations. ICANN encourages anyone in the DNS community to contribute annotations to the project. The GitHub repository for the tool can be found here. There are instructions there about how to create annotations.

This list, and the tool that generated the annotated versions, was sponsored by ICANN's Office of the CTO (OCTO). Please send questions about the tool to octo@icann.org.

Basic DNS RFCs

RFCTitleDateStatusLatest Ann.
1034Domain names - concepts and facilitiesNovember 1987Internet Standard2022-08-15
1035Domain names - implementation and specificationNovember 1987Internet Standard2022-08-15
1123Requirements for Internet Hosts - Application and SupportOctober 1989Internet Standard
1536Common DNS Implementation Errors and Suggested FixesOctober 1993Informational
1912Common DNS Operational and Configuration ErrorsFebruary 1996Informational
1982Serial Number ArithmeticAugust 1996Proposed Standard2022-08-15
1995Incremental Zone Transfer in DNSAugust 1996Proposed Standard2022-08-15
1996A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)August 1996Proposed Standard2022-08-15
2136Dynamic Updates in the Domain Name System (DNS UPDATE)April 1997Proposed Standard2022-08-15
2181Clarifications to the DNS SpecificationJuly 1997Proposed Standard2022-08-15
2308Negative Caching of DNS Queries (DNS NCACHE)March 1998Proposed Standard2022-08-15
2930Secret Key Establishment for DNS (TKEY RR)September 2000Proposed Standard2022-08-15
2931DNS Request and Transaction Signatures ( SIG(0)s )September 2000Proposed Standard2022-08-15
3597Handling of Unknown DNS Resource Record (RR) TypesSeptember 2003Proposed Standard2022-08-15
3901DNS IPv6 Transport Operational GuidelinesSeptember 2004Best Current Practice
4343Domain Name System (DNS) Case Insensitivity ClarificationJanuary 2006Proposed Standard2022-08-15
4472Operational Considerations and Issues with IPv6 DNSApril 2006Informational
4501Domain Name System Uniform Resource IdentifiersMay 2006Proposed Standard
4592The Role of Wildcards in the Domain Name SystemJuly 2006Proposed Standard2022-08-15
5001DNS Name Server Identifier (NSID) OptionAugust 2007Proposed Standard2022-08-15
5358Preventing Use of Recursive Nameservers in Reflector AttacksOctober 2008Best Current Practice
5452Measures for Making DNS More Resilient against Forged AnswersJanuary 2009Proposed Standard2022-08-15
5625DNS Proxy Implementation GuidelinesAugust 2009Best Current Practice
5936DNS Zone Transfer Protocol (AXFR)June 2010Proposed Standard2022-08-15
5966DNS Transport over TCP - Implementation RequirementsAugust 2010Proposed Standard; Obsoleted by RFC 7766
6303Locally Served DNS ZonesJuly 2011Best Current Practice
6604xNAME RCODE and Status Bits ClarificationApril 2012Proposed Standard2022-08-15
6672DNAME Redirection in the DNSJune 2012Proposed Standard2022-08-15
6698The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSAAugust 2012Proposed Standard2022-08-15
6761Special-Use Domain NamesFebruary 2013Proposed Standard
6762Multicast DNSFebruary 2013Proposed Standard
6891Extension Mechanisms for DNS (EDNS(0))April 2013Internet Standard2022-08-15
6895Domain Name System (DNS) IANA ConsiderationsApril 2013Best Current Practice
7218Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE)April 2014Proposed Standard
7477Child-to-Parent Synchronization in DNSMarch 2015Proposed Standard2022-08-15
7534AS112 Nameserver OperationsMay 2015Informational
7671The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational GuidanceOctober 2015Proposed Standard
7672SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS)October 2015Proposed Standard
7673Using DNS-Based Authentication of Named Entities (DANE) TLSA Records with SRV RecordsOctober 2015Proposed Standard
7686The ".onion" Special-Use Domain NameOctober 2015Proposed Standard
7719DNS TerminologyDecember 2015Informational; Obsoleted by RFC 8499
7766DNS Transport over TCP - Implementation RequirementsMarch 2016Proposed Standard2022-08-15
7816DNS Query Name Minimisation to Improve PrivacyMarch 2016Experimental; Obsoleted by RFC 9156
7828The edns-tcp-keepalive EDNS0 OptionApril 2016Proposed Standard2022-08-15
7858Specification for DNS over Transport Layer Security (TLS)May 2016Proposed Standard2022-08-15
7871Client Subnet in DNS QueriesMay 2016Informational
7873Domain Name System (DNS) CookiesMay 2016Proposed Standard
7901CHAIN Query Requests in DNSJune 2016Experimental
7929DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGPAugust 2016Experimental2022-08-15
8020NXDOMAIN: There Really Is Nothing UnderneathNovember 2016Proposed Standard
8094DNS over Datagram Transport Layer Security (DTLS)February 2017Experimental
8162Using Secure DNS to Associate Certificates with Domain Names for S/MIMEMay 2017Experimental
8427Representing DNS Messages in JSONJuly 2018Informational
8467Padding Policies for Extension Mechanisms for DNS (EDNS(0))October 2018Experimental
8482Providing Minimal-Sized Responses to DNS Queries That Have QTYPE=ANYJanuary 2019Proposed Standard
8483Yeti DNS TestbedOctober 2018Informational
8484DNS Queries over HTTPS (DoH)October 2018Proposed Standard2022-08-15
8490DNS Stateful OperationsMarch 2019Proposed Standard
8499DNS TerminologyJanuary 2019Best Current Practice
8501Reverse DNS in IPv6 for Internet Service ProvidersNovember 2018Informational
8552Scoped Interpretation of DNS Resource Records through "Underscored" Naming of Attribute LeavesMarch 2019Best Current Practice
8618Compacted-DNS (C-DNS): A Format for DNS Packet CaptureSeptember 2019Proposed Standard
8767Serving Stale Data to Improve DNS ResiliencyMarch 2020Proposed Standard
8906A Common Operational Problem in DNS Servers: Failure to CommunicateSeptember 2020Best Current Practice
8932Recommendations for DNS Privacy Service OperatorsOctober 2020Best Current Practice
8945Secret Key Transaction Authentication for DNS (TSIG)November 2020Internet Standard2022-08-15
8976Message Digest for DNS ZonesFebruary 2021Proposed Standard
9018Interoperable Domain Name System (DNS) Server CookiesApril 2021Proposed Standard
9076DNS Privacy ConsiderationsJuly 2021Informational
9103DNS Zone Transfer over TLSAugust 2021Proposed Standard2022-08-15
9108YANG Types for DNS Classes and Resource Record TypesSeptember 2021Proposed Standard
9156DNS Query Name Minimisation to Improve PrivacyNovember 2021Proposed Standard2018-07-16
9210DNS Transport over TCP - Operational RequirementsMarch 2022Best Current Practice
9250DNS over Dedicated QUIC ConnectionsMay 2022Proposed Standard

RFCs Related to DNSSEC

RFCTitleDateStatusLatest Ann.
9364DNS Security Extensions (DNSSEC)February 2023Best Current Practice
3110RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)May 2001Proposed Standard2022-08-15
4033DNS Security Introduction and RequirementsMarch 2005Proposed Standard2022-08-15
4034Resource Records for the DNS Security ExtensionsMarch 2005Proposed Standard2022-08-15
4035Protocol Modifications for the DNS Security ExtensionsMarch 2005Proposed Standard2022-08-15
3757Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) FlagApril 2004Proposed Standard; Obsoleted by RFC 4033, RFC 4034, RFC 4035
4470Minimally Covering NSEC Records and DNSSEC On-line SigningApril 2006Proposed Standard2022-08-15
4509Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)May 2006Proposed Standard2022-08-15
4955DNS Security (DNSSEC) ExperimentsJuly 2007Proposed Standard
4986Requirements Related to DNS Security (DNSSEC) Trust Anchor RolloverAugust 2007Informational
5011Automated Updates of DNS Security (DNSSEC) Trust AnchorsSeptember 2007Internet Standard2022-08-15
5155DNS Security (DNSSEC) Hashed Authenticated Denial of ExistenceMarch 2008Proposed Standard2022-08-15
5702Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSECOctober 2009Proposed Standard2022-08-15
6014Cryptographic Algorithm Identifier Allocation for DNSSECNovember 2010Proposed Standard
6605Elliptic Curve Digital Signature Algorithm (DSA) for DNSSECApril 2012Proposed Standard2022-08-15
6781DNSSEC Operational Practices, Version 2December 2012Informational
6840Clarifications and Implementation Notes for DNS Security (DNSSEC)February 2013Proposed Standard2022-08-15
6944Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation StatusApril 2013Proposed Standard; Obsoleted by RFC 8624
7129Authenticated Denial of Existence in the DNSFebruary 2014Informational
7344Automating DNSSEC Delegation Trust MaintenanceSeptember 2014Proposed Standard2022-08-15
7583DNSSEC Key Rollover Timing ConsiderationsOctober 2015Informational2022-08-15
7958DNSSEC Trust Anchor Publication for the Root ZoneAugust 2016Informational
8027DNSSEC Roadblock AvoidanceNovember 2016Best Current Practice
8078Managing DS Records from the Parent via CDS/CDNSKEYMarch 2017Proposed Standard2022-08-15
8080Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSECFebruary 2017Proposed Standard2022-08-15
8145Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC)April 2017Proposed Standard
8198Aggressive Use of DNSSEC-Validated CacheJuly 2017Proposed Standard2022-08-15
8624Algorithm Implementation Requirements and Usage Guidance for DNSSECJune 2019Proposed Standard2022-08-15
9077NSEC and NSEC3: TTLs and Aggressive UseJuly 2021Proposed Standard
9157Revised IANA Considerations for DNSSECDecember 2021Proposed Standard
9276Guidance for NSEC3 Parameter SettingsAugust 2022Best Current Practice

RFCs Related to IDNA

RFCTitleDateStatusLatest Ann.
3454Preparation of Internationalized Strings ("stringprep")December 2002Proposed Standard; Obsoleted by RFC 7564
3490Internationalizing Domain Names in Applications (IDNA)March 2003Proposed Standard; Obsoleted by RFC 5890, RFC 5891
3491Nameprep: A Stringprep Profile for Internationalized Domain Names (IDN)March 2003Proposed Standard; Obsoleted by RFC 5891
3492Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA)March 2003Proposed Standard2022-08-15
3743Joint Engineering Team (JET) Guidelines for Internationalized Domain Names (IDN) Registration and Administration for Chinese, Japanese, and KoreanApril 2004Informational
4690Review and Recommendations for Internationalized Domain Names (IDNs)September 2006Informational
5890Internationalized Domain Names for Applications (IDNA): Definitions and Document FrameworkAugust 2010Proposed Standard
5891Internationalized Domain Names in Applications (IDNA): ProtocolAugust 2010Proposed Standard2022-08-15
5892The Unicode Code Points and Internationalized Domain Names for Applications (IDNA)August 2010Proposed Standard
5893Right-to-Left Scripts for Internationalized Domain Names for Applications (IDNA)August 2010Proposed Standard
5894Internationalized Domain Names for Applications (IDNA): Background, Explanation, and RationaleAugust 2010Informational
5895Mapping Characters for Internationalized Domain Names in Applications (IDNA) 2008September 2010Informational
7564PRECIS Framework: Preparation, Enforcement, and Comparison of Internationalized Strings in Application ProtocolsMay 2015Proposed Standard; Obsoleted by RFC 8264
8264PRECIS Framework: Preparation, Enforcement, and Comparison of Internationalized Strings in Application ProtocolsOctober 2017Proposed Standard
8753Internationalized Domain Names for Applications (IDNA) Review for New Unicode VersionsApril 2020Proposed Standard

RFCs Related to the Root Service

RFCTitleDateStatusLatest Ann.
7108A Summary of Various Mechanisms Deployed at L-Root for the Identification of Anycast NodesJanuary 2014Informational
7706Decreasing Access Time to Root Servers by Running One on LoopbackNovember 2015Informational; Obsoleted by RFC 8806
7720DNS Root Name Service Protocol and Deployment RequirementsDecember 2015Best Current Practice
7958DNSSEC Trust Anchor Publication for the Root ZoneAugust 2016Informational
8109Initializing a DNS Resolver with Priming QueriesMarch 2017Best Current Practice
8806Running a Root Server Local to a ResolverJune 2020Informational2020-06-01

RFCs Related to the Name Registration and Lookup

RFCTitleDateStatusLatest Ann.
7482Registration Data Access Protocol (RDAP) Query FormatMarch 2015Proposed Standard; Obsoleted by RFC 9082
7483JSON Responses for the Registration Data Access Protocol (RDAP)March 2015Proposed Standard; Obsoleted by RFC 9083
7484Finding the Authoritative Registration Data (RDAP) ServiceMarch 2015Proposed Standard; Obsoleted by RFC 9224
8056Extensible Provisioning Protocol (EPP) and Registration Data Access Protocol (RDAP) Status MappingJanuary 2017Proposed Standard
8063Key Relay Mapping for the Extensible Provisioning ProtocolFebruary 2017Proposed Standard
8334Launch Phase Mapping for the Extensible Provisioning Protocol (EPP)March 2018Proposed Standard
8495Allocation Token Extension for the Extensible Provisioning Protocol (EPP)November 2018Proposed Standard
8521Registration Data Access Protocol (RDAP) Object TaggingNovember 2018Best Current Practice
8543Extensible Provisioning Protocol (EPP) Organization MappingMarch 2019Proposed Standard
8544Organization Extension for the Extensible Provisioning Protocol (EPP)April 2019Proposed Standard
8590Change Poll Extension for the Extensible Provisioning Protocol (EPP)May 2019Proposed Standard
8748Registry Fee Extension for the Extensible Provisioning Protocol (EPP)March 2020Proposed Standard
8807Login Security Extension for the Extensible Provisioning Protocol (EPP)August 2020Proposed Standard
8909Registry Data Escrow SpecificationNovember 2020Proposed Standard
8977Registration Data Access Protocol (RDAP) Query Parameters for Result Sorting and PagingJanuary 2021Proposed Standard
8982Registration Data Access Protocol (RDAP) Partial ResponseFebruary 2021Proposed Standard
9022Domain Name Registration Data (DNRD) Objects MappingMay 2021Proposed Standard
9038Extensible Provisioning Protocol (EPP) Unhandled NamespacesMay 2021Proposed Standard
9082Registration Data Access Protocol (RDAP) Query FormatJune 2021Internet Standard
9083JSON Responses for the Registration Data Access Protocol (RDAP)June 2021Internet Standard
9154Extensible Provisioning Protocol (EPP) Secure Authorization Information for TransferDecember 2021Proposed Standard
9167Registry Maintenance Notification for the Extensible Provisioning Protocol (EPP)December 2021Proposed Standard
9224Finding the Authoritative Registration Data Access Protocol (RDAP) ServiceMarch 2022Internet Standard

We have updated our website terms of service to provide greater transparency and promote simplification. Learn more.