This is derived from a list of every RFC from rfc-editor.org which has DNSSEC in the abstract or title.
It has all the RFCs already in [https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bcp/] removed, and has comments on removal from Paul Wouters and Paul Hoffman.
Number | Title | Included? | Reasons | More Info | Status |
---|---|---|---|---|---|
RFC 9157 | Revised IANA Considerations for DNSSEC | Yes | IANA section | Updates RFC 5155, RFC 6014, RFC 8624 | Proposed Standard |
RFC 9102 | TLS DNSSEC Chain Extension | No | Not Relevant | Errata | Experimental |
RFC 8976 | Message Digest for DNS Zones | No | Not Relevant | Errata | Proposed Standard |
RFC 8901 | Multi-Signer DNSSEC Models | Yes | Informational | ||
RFC 8749 | Moving DNSSEC Lookaside Validation (DLV) to Historic Status | No | Updates RFC 6698, RFC 6840 | Proposed Standard | |
RFC 8683 | Additional Deployment Guidelines for NAT64/464XLAT in Operator and Enterprise Networks | No | Not Relevant | Informational | |
RFC 8509 | A Root Key Trust Anchor Sentinel for DNSSEC | No | Trust Anchor | Proposed Standard | |
RFC 8483 | Yeti DNS Testbed | No | Not Relevant | Informational | |
RFC 8145 | Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC) | No | Trust Anchor | Updated by RFC 8553 | Proposed Standard |
RFC 8080 | Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC | Yes | Errata | Proposed Standard | |
RFC 8027 a.k.a. BCP 207 | DNSSEC Roadblock Avoidance | Yes | Errata | Best Current Practice | |
RFC 7958 | DNSSEC Trust Anchor Publication for the Root Zone | No | Errata | Informational | |
RFC 7901 | CHAIN Query Requests in DNS | No | EDNS Option | Experimental | |
RFC 7828 | The edns-tcp-keepalive EDNS0 Option | No | EDNS Option | Proposed Standard | |
RFC 7646 | Definition and Use of DNSSEC Negative Trust Anchors | No | Trust Anchor | Informational | |
RFC 7583 | DNSSEC Key Rollover Timing Considerations | Yes | Informational | ||
RFC 7250 | Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) | No | Not Relevant | Errata | Proposed Standard |
RFC 7218 | Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE) | No | Not Relevant | Updates RFC 6698 | Proposed Standard |
RFC 7129 | Authenticated Denial of Existence in the DNS | Yes | Informational | ||
RFC 6975 | Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC) | Proposed Standard | |||
RFC 6944 | Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status | No | Obsoleted | Errata,Obsoleted by RFC 8624, Updates RFC 2536, RFC 2539, RFC 3110, RFC 4034, RFC 4398, RFC 5155, RFC 5702, RFC 5933 |
Proposed Standard |
RFC 6844 | DNS Certification Authority Authorization (CAA) Resource Record | No | Obsoleted | Errata, Obsoleted by RFC 8659 |
Proposed Standard |
RFC 6841 | A Framework for DNSSEC Policies and DNSSEC Practice Statements | No | Not Relevant | Informational | |
RFC 6725 | DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates | Proposed Standard | |||
RFC 6698 | The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA | Errata, Updated by RFC 7218, RFC 7671, RFC 8749 |
Proposed Standard | ||
RFC 6605 | Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC | Yes | Proposed Standard | ||
RFC 6604 | xNAME RCODE and Status Bits Clarification | No | Not Relevant | Updates RFC 1035, RFC 2308, RFC 2672 | Proposed Standard |
RFC 6014 | Cryptographic Algorithm Identifier Allocation for DNSSEC | Yes | IANA section | Updates RFC 4033, RFC 4034, RFC 4035, Updated by RFC 9157 |
Proposed Standard |
RFC 5933 | Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC | No (not relevant to readers of draft-ietf-dnsop-dnssec-bcp) | Updated by RFC 6944 | Proposed Standard | |
RFC 5910 | Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) | No | Not Relevant | Errata, Obsoletes RFC 4310 |
Proposed Standard |
RFC 5074 | DNSSEC Lookaside Validation (DLV) | No | Historic | Historic (changed from Informational September 2019) | |
RFC 4986 | Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover | No | Trust Anchor not relevant | Informational | |
RFC 4956 | DNS Security (DNSSEC) Opt-In | No | Not Relevant | Errata | Experimental |
RFC 4955 | DNS Security (DNSSEC) Experiments | No | Not Relevant | Proposed Standard | |
RFC 4641 | DNSSEC Operational Practices | No | Obsoleted | Errata, Obsoletes RFC 2541, Obsoleted by RFC 6781 |
Informational |
RFC 4471 | Derivation of DNS Name Predecessor and Successor | No | Not Relevant | Experimental | |
RFC 4470 | Minimally Covering NSEC Records and DNSSEC On-line Signing | Yes | Errata, Updates RFC 4035, RFC 4034 |
Proposed Standard | |
RFC 4431 | The DNSSEC Lookaside Validation (DLV) DNS Resource Record | No | Historic | Historic (changed from Informational November 2019) | |
RFC 4310 | Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) | No | Obsoleted | Obsoleted by RFC 5910 | Proposed Standard |
RFC 4255 | Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints | No | Not Relevant | Errata | Proposed Standard |
RFC 3845 | DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format | No | Obsoleted | Obsoleted by RFC 4033, RFC 4034, RFC 4035, Updates RFC 3755, RFC 2535 |
Proposed Standard |
RFC 3757 | Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag | No | Obsoleted | Errata, Obsoleted by RFC 4033, RFC 4034, RFC 4035, Updates RFC 3755, RFC 2535 |
Proposed Standard |
RFC 3755 | Legacy Resolver Compatibility for Delegation Signer (DS) | No | Obsoleted | Obsoleted by RFC 4033, RFC 4034, RFC 4035, Updates RFC 3658, RFC 2535, Updated by RFC 3757, RFC 3845 |
Proposed Standard |
RFC 3226 | DNSSEC and IPv6 A6 aware server/resolver message size requirements | No | Not Relevant | Errata, Updates RFC 2535, RFC 2874, Updated by RFC 4033, RFC 4034, RFC 4035 |
Proposed Standard |
RFC 3225 | Indicating Resolver Support of DNSSEC | Updated by RFC 4033, RFC 4034, RFC 4035 | Proposed Standard | ||
RFC 3130 | Notes from the State-Of-The-Technology: DNSSEC | No | Not Relevant | Informational | |
RFC 3008 | Domain Name System Security (DNSSEC) Signing Authority | No | Obsoleted | Obsoleted by RFC 4035, RFC 4033, RFC 4034, Updates RFC 2535, Updated by RFC 3658 |
Proposed Standard |
RFC 3007 | Secure Domain Name System (DNS) Dynamic Update | No | Not Relevant | Obsoletes RFC 2137, Updates RFC 2535, RFC 2136 |
Proposed Standard |