DNSSEC RFCs

DNSSEC was originally specified in the following three RFCs:

• RFC 4033 - DNS Security Introduction and Requirements
• RFC 4034 - Resource Records for the DNS Security Extensions
• RFC 4035 - Protocol Modifications for the DNS Security Extensions

Subsequently, the following additional RFCs have been issued related to DNSSEC:

• RFC 4470 - Minimally Covering NSEC Records and DNSSEC On-line Signing
• RFC 4641 - DNSSEC Operational Practices
• RFC 5155 - DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
• RFC 6014 - Cryptographic Algorithm Identifier Allocation for DNSSEC

Another RFC that may be of interest is:

• RFC 4398 - Storing Certificates in the Domain Name System (DNS)