DNS Group WebStart Page

Here is a list of resources that may be of interest:

• Various BIND/DNS Resources
• Google DNS
• Organizations
• Remote Tests
• IETF Information Related to DNS
• DNS Standards
• DNS Internet Drafts
• DNS-related Mailing Lists
• Related Standards
• Normal Startup Page

Miscellaneous DNS & BIND Resources

• ISC BIND web site
• BIND 9 Administrators Reference Manual - Available from Nominum's web site.
• DNS & BIND 4th Edition Book by Liu and Albitz
• DNS & BIND Cookbook by Cricket Liu.
• SAIC maintains this DNS Project Link.
• BIND-Users Group FAQ
• Secure BIND Configuration Template
• DNS Paramaters at IANA
• Home Network - Simple DNS Setup
• Private DNS Configuration Example
• Men and Mice - DNS Consulting
• Ask Mr. DNS
• Google DNS Directory

Organizations

• NANOG, and the NANOG Mailing list, sorted by thread
• Root Server Technical Operations Association
• DNS Root Server System Advisory Committee (RSSAC) - an ICANN committee.
• World Wide Alliance of Country Code Top Level Domain Names ccTLD Meetings in Bucharest, 24 -25 June 2002

Remote Test Sites

• DNS Report
• DNS Stuff

Internet Engineering Task Force-related DNS Information

All IETF RFC's and draft standards can be found at www.ietf.org, a part of the Internet Engineering Task Force. Information about the IETF process is available in RFC 2026 and the The TAO of IETF (aka RFC 2026)

A backup site for this can be found at  FAQS.org

DNS Standards-related Information

IETF - DNS Working Groups

• DNS Security Extensions Working Group

DNS-related Mailing Lists

• namedroppers-request@ops.ietf.org - (subscription address for DNSSEC WG List) - list is managed by majordomo (just send blank message containing "subscribe")
• Current Namedroppers Mailing list archive (DNS Sec Working Group List)
• dnsop-request@cafax.se - DNS Op Subscription address (DNS Operations WG List) - list is managed by majordomo (just send blank message containing "subscribe")
• Archive of DNS Operations Mailing list at Cafax
• dnssec-request@cafax.se - DNS Sec Subscription address (cafax.se list for DNS Sec) - list is managed by majordomo (just send blank message containing "subscribe")
• Archive of Cafax dnssec list

DNS Standards

• RFC 1033 - Domain Administrators - Operations Guide (M. Lottor; 1987)
• RFC 1034 - Domain Names - Concepts and Facilities (P. Mockapetris; 1987)
• RFC 1035 - Domain Names - Implementation and Specification (P. Mockapetris; 1987)
• RFC 1101 – DNS encoding of network names and other types (P.V. Mockapetris; 1989)
• RFC 1183 – New DNS RR Specification (C. Everhart, L. Mamakos, R. Ullmann, P. Mockapetris, Editor; 1990)
• RFC 1383 – An Experiment in DNS Based IP Routing (C. Huitema; 1992)
• RFC 1535 - (informational) Security Problem and Correction in Widely Deployed DNS S/W (E. Gavron; 1993)
• RFC 1536 - (informational) Common DNS Implementation Errors and Suggested Fixes (A. Kumar, J. Postel, C. Neuman, P. Danzig, S. Miller; 1993)
• RFC 1706 - DNS NSAP Resource Records (B. Manning, R. Colella; 1994)
• RFC 1712 - DNS Encoding of Geographical Location (C. Farrell, M. Schulze, S. Pleitner, D. Baldoni; 1994)
• RFC 1713 - Tools for DNS debugging (FYI0027) (A. Romao; 1994)
• RFC 1788 - ICMP Domain Name Messages (W. Simpson; 1995)
• RFC 1794 - DNS Support for Load Balancing (T. Brisco; 1995)
• RFC 1876 - (experimental) A Means for Expressing Location Information in the Domain Name System (C. Davis, P. Vixie, T. Goodwin, I. Dickinson; 1996)
• RFC 1886 - DNS Extensions to support IP version 6(S. Thomson, C. Huitema; 1995)
• RFC 1912 - Common DNS Operational and Configuration Errors (D. Barr; 1996)
• RFC 1982 - Serial Number Arithmetic (R. Elz, R. Bush; 1996)
• RFC 1995 - Incremental Zone Transfer in DNS (M. Ohta; 1996)
• RFC 1996 - A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY) (P. Vixie; 1996)
• RFC 2052 - (Experimental) SRV Records (A. Gulbrandsen, P. Vixie; 1996)
• RFC 2136 - Dynamic Updates in the Domain Name System (DNS UPDATE) (P. Vixie -Editor, S. Thomson, Y. Rekhter, J. Bound; 1997)
• RFC 2163 - Using the Internet DNS to Distribute MIXER Conformant Global Address Mapping (MCGAM) (C. Allocchio; 1998)
• RFC 2168 - (Experimental) Resolution of Uniform Resource Identifiers using the Domain Name System (R. Daniel, M. Mealling; 1997)
• RFC 2181 - Clarifications to the DNS Specification (R. Elz, R. Bush; 1997)
• RFC 2182 - Clarifications to the DNS Specification (R. Elz, R. Bush; 1997)
• RFC 2230 - Key Exchange Delegation Record for the DNS (R. Atkinson; 1997)
• RFC 2308 - Negative Caching of DNS Queries (DNS NCACHE) (M. Andrews; 1998)
• RFC 2317 - Classless IN-ADDR.ARPA delegation (H. Eidnes, G. de Groot, P. Vixie; 1998)
• RFC 2535 - Domain Name System (DNS) Security Extensions (D. Eastlake; 1999)
• RFC 2536 - DSA KEYs and SIGs in the Domain Name System (DNS) (D. EastLake; 1999)
• RFC 2538 - Storing Certificates in the Domain Name System (DNS) (D. Eastlake, O. Gudmundsson; 1999)
• RFC 2539 - Storage of Diffie-Hellman Keys in the Domain Name System (DNS) (D. Eastlake; 1999)
• RFC 2540 - Detached Domain Name System (DNS) Information (D. Eastlake; 1999)
• RFC 2541 - DNS Security Operational Considerations (D. Eastlake 3rd; 1999)
• RFC 2671 - Extension Mechanisms for DNS (EDNS0) (P. Vixie; 1999)
• RFC 2672 - Non-Terminal DNS Name Redirection (M. Crawford; 1999)
• RFC 2673 - Binary Labels in the Domain Name System (N. Shen, H. Smit; 2000)
• RFC 2694 - DNS extensions to Network Address Translators (DNS_ALG) (P. Srisuresh, G. Tsirtsis, P. Akkiraju, A. Heffernan; 2000)
• RFC 2782 - A DNS RR for specifying the location of services (DNS SRV) (A. Gulbrandsen, P. Vixie, L. Esibov; 2000)
• RFC 2845 - Secret Key Transaction Authentication for DNS (TSIG) (P. Vixie, O. Gudmundsson, D. Eastlake 3rd, B. Wellington; 2000)
• RFC 2870 - Operational Guidelines for Root Name (DNS) Server (R. Bush, D. Karrenberg, M. Kosters, R. Plzak; 2000)
• RFC 2874 - DNS Extensions to Support IPv6 Address Aggregation and Renumbering (M. Crawford, C. Huitema; 2000)
• RFC 2915 - The Naming Authority Pointer (NAPTR) DNS Resource Record (M. Mealling, R. Daniel; 2000)
• RFC 2916 - E.164 number and DNS E.164 number and DNS (P. Faltstrom; 2000)
• RFC 2929 - Domain Name System (DNS) IANA Considerations (BCP0042) (D. Eastlake 3rd, E. Brunner-Williams, B. Manning; 2000)
• RFC 2930 - Secret Key Establishment for DNS (TKEY RR) (R. Daniel; 2000)
• RFC 2931 - DNS Request and Transaction Signatures (SIG(0)s) (D. Eastlake 3rd; 2000)
• RFC 3007 - Secure Domain Name System (DNS) Dynamic Update (B. Wellington; 2000)
• RFC 3008 - Domain Name System Security (DNSSEC) Signing Authority (B. Wellington; 2000)
• RFC 3090 - DNS Security Extension Clarification on Zone Status (E. Lewis; 2001)
• RFC 3110 - RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS) (D. Eastlake 3rd; 2001)
• RFC 3123 - A DNS RR Type for Lists of Address Prefixes (APL RR) (P. Koch; 2001)
• RFC 3225 - Indicating Resolver Support of DNSSEC (D. Conrad; 2001)
• RFC 3226 - DNSSEC and IPv6 A6 aware server/resolver message size requirements (O. Gudmundsson; 2001)
• RFC 3258 - Distributing Authoritative Name Servers via Shared Unicast Addresses (T. Hardie; 2002)
• RFC 3363 - Representing Internet Protocol version 6 (IPv6) Addresses in the Domain Name System (DNS) (R. Bush, A. Durand, B. Fink, O. Gudmundsson, T. Hain; 2002)
• RFC 3401 - Dynamic Delegation Discovery System (DDDS) Part One: The Comprehensive DDDS (M. Mealling; 2002)
• RFC 3402 - Dynamic Delegation Discovery System (DDDS) Part Two: The Algorithm (M. Mealling; 2002)
• RFC 3403 - Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database (M. Mealling; 2002)
• RFC 3404 - Dynamic Delegation Discovery System (DDDS) Part Part Four: The Uniform Resource Identifiers (URI) Resolution Application (M. Mealling; 2002)
• RFC 3425 - Obsoleting IQUERY (D. Lawrence; 2002)
• RFC 3445 - Limiting the Scope of the KEY Resource Record (RR) (D. Massey, S. Rose; 2002)
• RFC 3597 - Handling of Unknown DNS Resource Record (RR) Types (A. Gustafsson; 2003)
• RFC 3645 - Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG) (S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, R. Hall; 2003)
• RFC 3655 - Redefinition of DNS Authenticated Data (AD) bit (B. Wellington, O. Gudmundsson; 2003)
• RFC 3658 - Delegation Signer (DS) Resource Record (RR) (O. Gudmundsson; 2003)
• RFC 3755 - Legacy Resolver Compatibility for Delegation Signer (DS) (S. Weiler; 2004)
• RFC 3757 - Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag (O. Kolkman, J. Schlyter, E. Lewis; 2004)

Internet Drafts (not yet standards)

The entire list of current drafts can also be found at the ietf.org within the internet-drafts directory

• DNS Extensions Working Group

  • Requirements related to DNSSEC Signed Proof of Non-Existence (B. Laurie, R. Loomis;2004)
  • An In-Band Rollover Mechanism and an Out-Of-Band Priming Method for DNSSEC Trust Anchors. (J. Ihren, et al.; 2004)
  • Linklocal Multicast Name Resolution (LLMNR) (L. Esibov, et al.; 2004)
  • TKEY Secret Key Renewal Mode (Y. Kamite, M. Nakayama; 2004)
  • Design Choices When Expanding DNS (P. Faltstrom, R. Austein; 2004)
  • Resource Records for DNS Security Extensions (R. Arends et al.; 2004)
  • Protocol Modifications for the DNS Security Extensions (R. Arends et al.; 2004)
  • DNS Security Introduction and Requirements (R. Arends, et al.; 2004)
  • Clarifying the Role of Wild Card Domains in the Domain Name System (E. Lewis; 2004)
  • RFC 3267 Interoperability Report (J. Schlyter; 2004)
  • HMAC SHA TSIG Algorithm Identifiers (D. Eastlake 3rd; 2004)
  • Elliptic Curve KEYs in the DNS (R. Schroeppel, D. Eastlake; 2004)
  • DSA Keying and Signature Information in the DNS (D. Eastlake, 2004)
  • Storage of Diffie-Hellman Keys in the Domain Name System (DNS) (D. Eastlake, 2004)
  • DNS RR for encoding DHCP information (DHCID RR) (M. Stapp, et al.; 2004)
  • Domain Name System (DNS) Case Insensitivity Clarification (D. Eastlake; 2004)
  • DNSSEC NSEC RDATA Format (J. Schlyter, 2004)
  • Automated Updates of DNSSEC Trust Anchors (M. StJohns, 2004)
  • Threat Analysis Of The Domain Name System (D. Atkins, R. Austein; 2004), and a page showing the differences between version -06 and -07
  • Domain Name Auto-Registration for Plugged-in IPv6 Nodes (H. Kitamura; 2003)
  • Using DNSSEC-secured NOTIFY to Trigger Parent Zone Updating (M. StJohns; 2003)
  • IPv6 Extensions for DNS Plug and Play (S. Park, S. Madanapalli; 2003)
  • DNS Extensions to support IP version 6 (S. Thomson, C. Huitema et al.; 2003)
  • GSS Algorithm for TSIG (GSS-TSIG) (S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, R. Hall; 2003)
  • DNSSec Opt In  (R. Arends, M. Kosters, D. Blacka; 2003) - This draft is likely moving to INFORMATIONAL, rather than standards track.
  • DNS Resolution of Networks and Gateways (E. Warnicke; 2003)
  • DNS Configuration options for DHCPv6 (R. Droms (ed.); 2003)
  • DNS Security Document Roadmap (S. Rose; 2003)
  • Requirements for Access Control in Domain Name Systems (T. Baba; 2003)
  • The DISCOVER opcode (B. Manning, P. Vixie, E. Guttman; 2003)
  • Domain Name Auto-Registration for Plugged-in IPv6 Nodes (H. Kitamura; 2002)
  • DNS Zone Transfer Protocol Clarifications (A. Gustafsson; 2002)
  • DNSSEC Wildcard optimization (O. Kolkman et al.; 2002)
  • Identifying an Authoritative Name Server (D. Conrad; 2002)

• DNS Operations WG

  • IPv6 DNS transition issues (A. Durand, J. Ihren; 2003)
  • An Interim Scheme for Signing the Public DNS Root (J. Ihren; 2003)
  • The Autoconfiguration of Recursive DNS Server and the Optimization of DNS Name Resolution in Hierarchical Mobile IPv6 (Jae-Hoon Jeong, Jung-Soo Park, Kyeong-Jin Lee, Hyoung-Jun Kim; 2003)
  • Root Name Servers with Inter Domain Anycast Addresses (M. Ohta; 2002)
  • IPv6 DNS transition issues (A. Durand; 2002)
  • Distributing Authoritative Name Servers via Shared Unicast Addresses (T. Hardie; 2002)

• Other Drafts

  • Using DNS to securely publish SSH key fingerprints (J. Schlyter, W. Griffin; 2002)
  • DNS SRV Location of Higher Level Services (D. Eastlake; 2002)
  • Indicating Resolver Support for AAAA Records (J. Reid, S. Woolf; 2002)
  • http://www.ietf.org/shadow.html

Related Standards

• RFC 1123 - Requirements for Internet Hosts -- Application and Support (R. Braden, 1989)
• RFC 1321 - The MD5 Message-Digest Algorithm (R. Rivest; 1992)
• RFC 1480 - The US Domain (J. Postel; 1993)
• RFC 1519 - Classless Inter-Domain Routing (V. Fuller, T. Li, J. Yu, K. Varadhan; 1993)
• 1591 - Domain Name System Structure and Delegation (J. Postel; 1994)
• RFC 1750 - Randomness Recommendations for Security (D. Eastlake 3rd, S. Crocker, J. Schiller; 1994)
• RFC 1860 - Variable Length Subnet Table For IPv4 (T. Pummill, B. Manning; 1995)
• RFC 1918 - BCP0005 - Private Network Numbers (Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, E. Lear;1996)
• RFC 2026 - The Internet Standards Process -- Revision 3 (S. Bradner; 1996)
• RFC 2104 - HMAC: Keyed-Hashing for Message Authentication (H. Krawczyk, M. Bellare, R. Canetti; 1997)
• RFC 2119 - Key words for use in RFCs to Indicate Requirement Levels (S. Bradner; 1997)
• RFC 2620 - Reserved Top Level DNS Names (D. Eastlake, A. Panitz; 1999)
IPv6 References
• RFC 2461 - Neighbor Discovery for IPv6 (Narten, et. al.; 1998)

Historical Standards

• RFC 920 - Political Decisions about top-level of DNS tree (;)
• RFC 1031 - MILNET conversion (;)
• RFC 1032 - Top-level domain policy (;)
• 2065 - Domain Name System Security Extensions (D. Eastlake 3rd, C. Kaufman; 1997) (obsoleted by 2535)
• 2010 - Operational Criteria for Root Name Servers (B. Manning, P. Vixie; 1996) (obsoleted by 2870)
• RFC 2137 - (Obsolete) Secure Domain Name System Dynamic Update (D. Eastlake 3rd; 1997)
• RFC 2537 - RSA/MD5 KEYs and SIGs in the Domain Name System (DNS) (D. Eastlake; 1999) (obsoleted by 3110

Normal Startup Page