Public specification of some of the general technical aspects of the DK Hostmaster DNS
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE
README.md
TODO.md

README.md

DK Hostmaster Name Service Specification

2016-09-14 Revision: 1.0 DRAFT

Table of Contents

Introduction

General specification of some of the technical aspects of the DK Hostmaster DNS

About this document

This specification describes the DK Hostmaster General name service.

This document is owned and maintained by DK Hostmaster A/S and must not be distributed without this information.

All examples provided in the document are fabricated or changed from real data to demonstrate use etc. any resemblence to actual data are coincidental.

Printable version can be obtained via this link, using the gitprint service.

License

This document is copyright by DK Hostmaster A/S and is licensed under the MIT License, please see the separate LICENSE file for details.

The .dk Registry in Brief

DK Hostmaster is the registry for the ccTLD for Denmark (dk). The current model used in Denmark is based on a sole registry, with DK Hostmaster maintaining the central DNS registry.

Name Service

Domain Names

A domain name can consist of the following characters:

  • a-z

  • æ, ø, å, ö, ä, ü and é.

  • 0-9

  • - (hyphen)

  • Hyphen cannot be placed first or last in the domain name.

  • A domain name can not have 2 initial alphanumeric characters followed by 2 hyphens, such as: xn--4cabco7dk5a.dk, the IDN encoded version of the domain name: æøåöäüé.dk since this would indicate IDN encoding (punycode)

Glue Records

DK Hostmaster use DNS glue records as described in draft-koch-dns-glue-clarifications as a narrow glue record policy.

This means that a glue record is only inserted in the DK zone if a name server is name server for the domain to which the name server itself is a child.

An example of when glue records inserted in the DK zone:

  • If ns.eksempel.dk is name server for eksempel.dk, a glue record is inserted for ns.eksempel.dk
  • If ns.some.sub.domain.eksempel.dk act as name server for the domain name eksempel.dk, a glue record is inserted for ns.some.sub.domain.eksempel.dk

An example of when a glue record is not inserted to the DK zone:

  • If ns1.example.com is name server for eksempel.dk glue record is not inserted for ns1.example.com.
  • If ns1.enisp.dk is name server for eksempel.dk a glue record is not inserted for ns1.enisp.dk, unless if the name server is also name server for enisp.dk.

Please note that the above names are examples and do not relate to active domain names.

DNSSEC

Supported DNSSEC implementations

In accordance with RFC:5910. DK Hostmaster only support DS and not DNSKEY.

In addition the maximum signature lifetime is not supported, for EPP please see section 3.3 in RFC:5910.

Supported Algorithms

DK Hostmaster currently support the following algorithms from the IANA algorithm listing:

  • 3 DSA (DSA/SHA1) RFC:3110 - do note that use of this algorithm is not recommended since it is deprecated
  • 5 RSASHA1 (RSA/SHA-1) RFC:2539
  • 6 DSA-NSEC3-SHA1 (DSA-NSEC3-SHA1) RFC:5155
  • 7 RSASHA1-NSEC3-SHA1 (RSASHA1-NSEC3-SHA1) RFC:5155
  • 8 RSA/SHA-256 RFC:5702
  • 10 RSA/SHA-512 RFC:5702
  • 13 ECDSA Curve P-256 with SHA-256 RFC:6605
  • 14 ECDSA Curve P-384 with SHA-384 RFC:6605

Supported Digest Types

References