What standards documents should you read to understand DNS Security Extensions (DNSSEC)? When implementing DNSSEC, which standards document do you need to comply with? Is there any guidance for deploying DNSSEC? How is DNSSEC actually defined?
Answering these questions has been challenging because the information is spread across many standards documents (known as RFCs). Until now!
On 15 February 2023, the Internet Engineering Task Force (IETF) published RFC 9364, also known as Best Current Practice (BCP) 237, which condenses all DNSSEC-related RFCs from the past 26 years into a single document for people to learn about:
- The differences in the core RFCs (4033, 4034, 4035).
- New security and interoperability additions from RFC 6840.
- New cryptographic algorithms that have been added to DNSSEC.
- The use of new resource records (CDS, CDNSKEY) to communicate Delegation Signer (DS) records to a registry (RFC 7344).
- How to implement DNSSEC in their software or deploy it in their network (RFC 6781).
RFC 9364 is a valuable reference to point people to when they want to learn about all the elements of DNSSEC.
We look forward to seeing DNSSEC deployed more widely over the months and years ahead. You can find our latest DNSSEC measurements on our Enabling Technologies page.