BEST CURRENT PRACTICE

Internet Engineering Task Force (IETF) M. Blanchet Request for Comments: 7720 Viagenie BCP: 40 L-J. Liman Obsoletes: 2870 Netnod Category: Best Current Practice December 2015 ISSN: 2070-1721 DNS Root Name Service Protocol and Deployment Requirements Abstract The DNS root name service is a critical part of the Internet architecture. The protocol and deployment requirements for the DNS root name service are defined in this document. Operational requirements are out of scope. Status of This Memo This memo documents an Internet Best Current Practice. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7720. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Blanchet & Liman Best Current Practice [Page 1]

RFC 7720 Root Name Service Requirements December 2015 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Relationship to RFC 2870 . . . . . . . . . . . . . . . . 2 2. Protocol Requirements . . . . . . . . . . . . . . . . . . . . 3 3. Deployment Requirements . . . . . . . . . . . . . . . . . . . 3 4. Security Considerations . . . . . . . . . . . . . . . . . . . 3 5. Informative References . . . . . . . . . . . . . . . . . . . 4 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 1 . Introduction RFC2870] discusses protocol and operational requirements for root name servers for the Internet's domain name system (DNS) protocol [RFC1035]. Since its publication, both protocol and operational requirements have evolved. It makes more sense now to separate the two sets of requirements into two separate documents. This document only defines the protocol requirements and some deployment requirements. The operational requirements that were defined in RFC 2870 have been removed. Operational requirements are now defined by the Root Server System Advisory Committee of ICANN and are documented in [RSSAC-001]. The root servers are authoritative servers of the unique [RFC2826] root zone (".") [ROOTZONE]. They currently also serve the root- servers.net zone. Some also serve the zone for the .arpa top-level domain [ARPAZONE] [RFC3172]. This document describes the external interface of the root name servers from a protocol viewpoint of the service. It specifies basic requirements for the Internet that DNS clients meet when interacting with a root name service over the public Internet. The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in BCP 14, [RFC2119]. 1.1 . Relationship to RFC 2870 RFC2870]. This document and [RSSAC-001] together functionally replace [RFC2870]. Blanchet & Liman Best Current Practice [Page 2]

RFC 7720 Root Name Service Requirements December 2015 2 . Protocol Requirements RSSAC-001]. The root name service: o MUST implement core DNS [RFC1035] and clarifications to the DNS [RFC2181]. o MUST support IPv4 [RFC791] and IPv6 [RFC2460] transport of DNS queries and responses. o MUST support UDP [RFC768] and TCP [RFC793] transport of DNS queries and responses. o MUST generate checksums when sending UDP datagrams and MUST verify checksums when receiving UDP datagrams containing a non-zero checksum. o MUST implement DNSSEC [RFC4035] as an authoritative name service. o MUST implement extension mechanisms for DNS (EDNS(0)) [RFC6891]. 3 . Deployment Requirements RFC1122] with a valid IP address. o MUST serve the unique [RFC2826] root zone [ROOTZONE]. 4 . Security Considerations RFC2826]. Specific security considerations on the DNS protocols are discussed in their respective specifications. The security considerations on the operational side of the root name servers are discussed in [RSSAC-001]. Blanchet & Liman Best Current Practice [Page 3]

RFC 7720 Root Name Service Requirements December 2015 http://viagenie.ca Lars-Johan Liman Netnod Internet Exchange Box 30194 SE-104 25 Stockholm Sweden Email: liman@netnod.se URI: http://www.netnod.se/ Blanchet & Liman Best Current Practice [Page 6]