This appears to be every RFC from rfc-editor.org which has DNSSEC in the abstract or title
Number | Title | Included? | Reasons | More Info | Status |
---|---|---|---|---|---|
RFC 9276 a.k.a. BCP 236 | Guidance for NSEC3 Parameter Settings | Yes | Errata | Best Current Practice | |
RFC 9157 | Revised IANA Considerations for DNSSEC | Yes | Relevant | Proposed Standard | |
RFC 9102 | TLS DNSSEC Chain Extension | No | Not Relevant | Errata | Experimental |
RFC 9077 | NSEC and NSEC3: TTLs and Aggressive Use | Yes | Updates RFC 4034, RFC 4035, RFC 5155, RFC 8198 | Proposed Standard | |
RFC 8976 | Message Digest for DNS Zones | No | Not Relevant | Errata | Proposed Standard |
RFC 8901 | Multi-Signer DNSSEC Models | Yes | Relevant | Informational | |
RFC 8749 | Moving DNSSEC Lookaside Validation (DLV) to Historic Status | No | Updates RFC 6698, RFC 6840 | Proposed Standard | |
RFC 8683 | Additional Deployment Guidelines for NAT64/464XLAT in Operator and Enterprise Networks | No | Not Relevant | Informational | |
RFC 8624 | Algorithm Implementation Requirements and Usage Guidance for DNSSEC | Yes | Errata, Obsoletes RFC 6944, Updated by RFC 9157 |
Proposed Standard | |
RFC 8509 | A Root Key Trust Anchor Sentinel for DNSSEC | Yes | Trust Anchor | Proposed Standard | |
RFC 8483 | Yeti DNS Testbed | No | Not Relevant | Informational | |
RFC 8198 | Aggressive Use of DNSSEC-Validated Cache | Yes | Updates RFC 4035, Updated by RFC 9077 |
Proposed Standard | |
RFC 8145 | Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC) | Yes | Trust Anchor | Updated by RFC 8553 | Proposed Standard |
RFC 8080 | Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC | Yes | Errata | Proposed Standard | |
RFC 8078 | Managing DS Records from the Parent via CDS/CDNSKEY | Yes | Errata, Updates RFC 7344 |
Proposed Standard | |
RFC 8027 a.k.a. BCP 207 | DNSSEC Roadblock Avoidance | Yes | Relevant | Errata | Best Current Practice |
RFC 7958 | DNSSEC Trust Anchor Publication for the Root Zone | Yes | Errata | Informational | |
RFC 7901 | CHAIN Query Requests in DNS | No | EDNS Option | Experimental | |
RFC 7828 | The edns-tcp-keepalive EDNS0 Option | No | EDNS Option | Proposed Standard | |
RFC 7646 | Definition and Use of DNSSEC Negative Trust Anchors | Yes | Trust Anchor | Informational | |
RFC 7583 | DNSSEC Key Rollover Timing Considerations | Yes | Relevant | Informational | |
RFC 7344 | Automating DNSSEC Delegation Trust Maintenance | Yes | Updated by RFC 8078 | Proposed Standard (changed from Informational March 2017) | |
RFC 7250 | Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) | No | Not Relevant | Errata | Proposed Standard |
RFC 7218 | Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE) | No | Not Relevant | Updates RFC 6698 | Proposed Standard |
RFC 7129 | Authenticated Denial of Existence in the DNS | Yes | Relevant | Informational | |
RFC 6975 | Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC) | Yes | Proposed Standard | ||
RFC 6944 | Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status | No | Obsoleted | Errata,Obsoleted by RFC 8624, Updates RFC 2536, RFC 2539, RFC 3110, RFC 4034, RFC 4398, RFC 5155, RFC 5702, RFC 5933 |
Proposed Standard |
RFC 6844 | DNS Certification Authority Authorization (CAA) Resource Record | No | Obsoleted | Errata, Obsoleted by RFC 8659 |
Proposed Standard |
RFC 6841 | A Framework for DNSSEC Policies and DNSSEC Practice Statements | No | Not Relevant | Informational | |
RFC 6840 | Clarifications and Implementation Notes for DNS Security (DNSSEC) | Yes | Errata, Updates RFC 4033, RFC 4034, RFC 4035, RFC 5155, Updated by RFC 8749 |
Proposed Standard | |
RFC 6781 | DNSSEC Operational Practices, Version 2 | Yes | Errata, Obsoletes RFC 4641 |
Informational | |
RFC 6725 | DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates | Yes | Proposed Standard | ||
RFC 6698 | The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA | No | Errata, Updated by RFC 7218, RFC 7671, RFC 8749 |
Proposed Standard | |
RFC 6605 | Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC | Yes | Proposed Standard | ||
RFC 6604 | xNAME RCODE and Status Bits Clarification | No | Not Relevant | Updates RFC 1035, RFC 2308, RFC 2672 | Proposed Standard |
RFC 5910 | Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) | No | Not Relevant | Errata, Obsoletes RFC 4310 |
Proposed Standard |
RFC 5702 | Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC | Yes | Updated by RFC 6944 | Proposed Standard | |
RFC 5155 | DNS Security (DNSSEC) Hashed Authenticated Denial of Existence | Yes | Errata, Updated by RFC 6840, RFC 6944, RFC 9077, RFC 9157 |
Proposed Standard | |
RFC 5074 | DNSSEC Lookaside Validation (DLV) | No | Historic | Historic (changed from Informational September 2019) | |
RFC 5011 a.k.a. STD 74 | Automated Updates of DNS Security (DNSSEC) Trust Anchors | Yes | Internet Standard (changed from Proposed Standard January 2013) | ||
RFC 4986 | Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover | No | Trust Anchor not relevant | Informational | |
RFC 4956 | DNS Security (DNSSEC) Opt-In | No | Not Relevant | Errata | Experimental |
RFC 4955 | DNS Security (DNSSEC) Experiments | No | Not Relevant | Proposed Standard | |
RFC 4641 | DNSSEC Operational Practices | No | Obsoleted | Errata, Obsoletes RFC 2541, Obsoleted by RFC 6781 |
Informational |
RFC 4509 | Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) | Yes | Errata | Proposed Standard | |
RFC 4471 | Derivation of DNS Name Predecessor and Successor | No | Not Relevant | Experimental | |
RFC 4470 | Minimally Covering NSEC Records and DNSSEC On-line Signing | Yes | Relevant | Errata, Updates RFC 4035, RFC 4034 |
Proposed Standard |
RFC 4431 | The DNSSEC Lookaside Validation (DLV) DNS Resource Record | No | Historic | Historic (changed from Informational November 2019) | |
RFC 4310 | Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) | No | Obsoleted | Obsoleted by RFC 5910 | Proposed Standard |
RFC 4255 | Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints | No | Not Relevant | Errata | Proposed Standard |
RFC 4035 | Protocol Modifications for the DNS Security Extensions | Yes | Errata, Obsoletes RFC 2535, RFC 3008, RFC 3090, RFC 3445, RFC 3655, RFC 3658, RFC 3755, RFC 3757, RFC 3845, Updates RFC 1034, RFC 1035, RFC 2136, RFC 2181, RFC 2308, RFC 3225, RFC 3597, RFC 3226, Updated by RFC 4470, RFC 6014, RFC 6840, RFC 8198, RFC 9077 |
Proposed Standard | |
RFC 4034 | Resource Records for the DNS Security Extensions | Yes | Errata, Obsoletes RFC 2535, RFC 3008, RFC 3090, RFC 3445, RFC 3655, RFC 3658, RFC 3755, RFC 3757, RFC 3845, Updates RFC 1034, RFC 1035, RFC 2136, RFC 2181, RFC 2308, RFC 3225, RFC 3597, RFC 3226, Updated by RFC 4470, RFC 6014, RFC 6840, RFC 6944, RFC 9077 |
Proposed Standard | |
RFC 4033 | DNS Security Introduction and Requirements | Yes | Errata, Obsoletes RFC 2535, RFC 3008, RFC 3090, RFC 3445, RFC 3655, RFC 3658, RFC 3755, RFC 3757, RFC 3845, Updates RFC 1034, RFC 1035, RFC 2136, RFC 2181, RFC 2308, RFC 3225, RFC 3597, RFC 3226, Updated by RFC 6014, RFC 6840 |
Proposed Standard | |
RFC 3845 | DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format | No | Obsoleted | Obsoleted by RFC 4033, RFC 4034, RFC 4035, Updates RFC 3755, RFC 2535 |
Proposed Standard |
RFC 3757 | Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag | No | Obsoleted | Errata, Obsoleted by RFC 4033, RFC 4034, RFC 4035, Updates RFC 3755, RFC 2535 |
Proposed Standard |
RFC 3755 | Legacy Resolver Compatibility for Delegation Signer (DS) | No | Obsoleted | Obsoleted by RFC 4033, RFC 4034, RFC 4035, Updates RFC 3658, RFC 2535, Updated by RFC 3757, RFC 3845 |
Proposed Standard |
RFC 3226 | DNSSEC and IPv6 A6 aware server/resolver message size requirements | No | Not Relevant | Errata, Updates RFC 2535, RFC 2874, Updated by RFC 4033, RFC 4034, RFC 4035 |
Proposed Standard |
RFC 3225 | Indicating Resolver Support of DNSSEC | Updated by RFC 4033, RFC 4034, RFC 4035 | Proposed Standard | ||
RFC 3130 | Notes from the State-Of-The-Technology: DNSSEC | No | Not Relevant | Informational | |
RFC 3008 | Domain Name System Security (DNSSEC) Signing Authority | No | Obsoleted | Obsoleted by RFC 4035, RFC 4033, RFC 4034, Updates RFC 2535, Updated by RFC 3658 |
Proposed Standard |
RFC 3007 | Secure Domain Name System (DNS) Dynamic Update | No | Not Relevant | Obsoletes RFC 2137, Updates RFC 2535, RFC 2136 |
Proposed Standard |