DNS Security Extensions (DNSSEC)

Introduction The core specification for what we know as DNSSEC (the combination of , , and ) describes a set of protocols that provides origin authentication to data in the DNS. updates and extends those core RFCs, but does not fundamentally change the way that DNSSEC works. This document lists many (but not all) of the RFCs that should be considered by someone creating an implementation of, or someone deploying, modern DNSSEC. It uses terminology from those documents without defining that terminology. It also points to the relevant IANA registries that relate to DNSSEC. It does not, however, point to standards that rely on zones needing to be signed by DNSSEC.

DNSSEC as a Best Current Practice The DNSSEC set of protocols is widely considered the best current practice for adding origin authentication of data in the DNS. To date, no standards-track RFCs offer any other method for such origin authentication of data in the DNS. Some observers note that, more than 15 years after the DNSSEC specification was published, it is still not widely deployed. Recent estimates are that fewer than 10% of the domain names used for web sites are signed, and only around a third of queries to recursive resolvers are validated. However, this low level of implementation does not affect whether DNSSEC is a best current practice; it just indicates that the value of deploying DNSSEC is often considered lower than the cost.

DNSSEC Core Documents What we today call "DNSSEC" is formally version 3 of the DNSSEC specification. However, earlier versions of DNSSEC were thinly deployed and significantly less visible than the current DNSSEC specification. Throughout this document, "DNSSEC" means the version of the protocol initially defined in , , and . The three initial core documents generally cover different topics: is an overview of DNSSEC, including how it might change the resolution of DNS queries. specifies the DNS resource records used in DNSSEC. It obsoletes many RFCs for earlier versions of DNSSEC. covers the modifications to the DNS protocol incurred by DNSSEC. These include signing zones, serving signed zones, resolving in light of DNSSEC, and authenticating DNSSEC-signed data. At the time this set of core documents was published, someone could create a DNSSEC implementation of signing software, of an DNSSEC-aware authoritative server, and/or a DNSSEC-aware recursive resolver from the three core documents plus a few older RFCs specifying the cryptography used. Those two older documents are: defines how to use the DSA signature algorithm (although refers to other documents for the details). DSA was thinly implemented and can safely be ignored by DNSSEC implementations defines how to use the RSA signature algorithm (although refers to other documents for the details). RSA is still the most popular signing algorithm for DNSSEC.

Addition to the DNSSEC Core As with any major protocol, developers and operators discovered issues with the original core documents over the years. is an omnibus update to the original core documents and thus itself has become a core document. In addition to covering new requirements from new DNSSEC RFCs, it describes many important security and interoperability issues that arose during the deployment of the initial specifications, particularly after the DNS root was signed in 2010. It also lists some errors in the examples of the core specifications. brings a few additions into the core of DNSSEC. It makes NSEC3 as much a part of DNSSEC as NSEC is. It also makes the SHA-2 hash function defined in and part of the core as well. # Cryptographic Algorithms and DNSSEC Cryptography improves over time, and new algorithms get adopted by various Internet protocols. Two new signing algorithms have been adopted by the DNSSEC community: ECDSA and EdDSA . The GOST signing algorithm was also adopted, but has seen very limited use, likely because it is a national algorithm specific to a very small number of countries. Implementation developers who want to know which algorithms to implement in DNSSEC software should refer to . Note that this specification is only about what algorithms should and should not be included in implementations: it is not advice for which algorithms that zone operators should and should not sign with, nor which algorithms recursive resolver operators should or should not validate.

Extensions to DNSSEC The DNSSEC community has extended the DNSSEC core and the cryptographic algorithms both in terms of describing good operational practices and in new protocols. Some of the RFCs that describe these extensions include: explains how recursive resolvers and the DNS root can work together to automate the rollover of the root's key signing key (KSK). is a compendium of operational practices that may not be obvious from reading just the core specifications. describes using the CDS and CDNSKEY resource records to help automate the creation of DS records in the parents of signed zones. extends by showing how to do initial setup of trusted relationships between signed parent and child zones. describes how a validating resolver can emit fewer queries in signed zones that use NSEC for negative caching. updates with respect to the time-to-live (TTL) fields in signed records.

IANA Considerations IANA already has two registries that relate to DNSSEC: DNSSEC algorithm numbers (https://www.iana.org/assignments/dns-sec-alg-numbers) and DNSSEC NSEC3 parameters (https://www.iana.org/assignments/dnssec-nsec3-parameters). The rules for the DNSSEC algorithm registry were set in the core RFCs and updated by and . This document does not create any new IANA considerations.

Security Considerations All of the security considerations from all of the RFCs referenced in this document apply here.