DK-Hostmaster/dkhm-name-service-specification

Public specification of some of the general technical aspects of the DK Hostmaster DNS

DK Hostmaster Name Service Specification

2021-08-24 Revision: 2.2

Table of Contents

• Introduction
  • About this document
  • License
  • Document History
• The .dk Registry in Brief
• Name Service
  • Domain Names
  • Glue Records
  • Required Amount of Name Servers
  • Required Responsiveness
• DNSSEC
• Supported DNSSEC implementations
  • Supported Algorithms
  • Supported Digest Types
• References

Introduction

General specification of some of the technical aspects of the DK Hostmaster DNS

About this document

This specification describes the DK Hostmaster General name service.

This document is owned and maintained by DK Hostmaster A/S and must not be distributed without this information.

All examples provided in the document are fabricated or changed from real data to demonstrate use etc. any resemblance to actual data are coincidental.

Printable version can be obtained via this link, using the gitprint service.

License

This document is copyright by DK Hostmaster A/S and is licensed under the MIT License, please see the separate LICENSE file for details.

Document History

2.2 2021-08-24

• Corrected maximum number of name servers after feedback, the maximum number has not been increased at the time of writing

2.1 2021-08-23

• Added section and clarification on the minimum and maximum number of name servers for a given domain name
• Added section and clarification on the requirement for name servers to be responsive for a given domain name
• More information on the topics will be added later

2.0 2020-12-14

• Introducing an extension to the IDN character set supported by the DK Hostmaster registry; ß
• The character is supported from the 1st. of January 2021

1.0 2016-09-14

• Initial revision

The .dk Registry in Brief

DK Hostmaster is the registry for the ccTLD for Denmark (dk). The current model used in Denmark is based on a sole registry, with DK Hostmaster maintaining the central DNS registry.

Name Service

Domain Names

A domain name can consist of the following characters:

• a-z

• æ, ø, å, ö, ä, ü, é and ß

• 0-9

• - (hyphen)

• Hyphen cannot be placed first or last in the domain name.

• A domain name can not have 2 initial alphanumeric characters followed by 2 hyphens, such as: xn--4cabco7dk5a.dk, the IDN encoded version of the domain name: æøåöäüé.dk since this would indicate IDN encoding (punycode)

Glue Records

DK Hostmaster use DNS glue records as described in draft-koch-dns-glue-clarifications as a narrow glue record policy.

This means that a glue record is only inserted in the DK zone if a name server is name server for the domain to which the name server itself is a child.

An example of when glue records inserted in the DK zone:

• If ns.eksempel.dk is name server for eksempel.dk, a glue record is inserted for ns.eksempel.dk
• If ns.some.sub.domain.eksempel.dk act as name server for the domain name eksempel.dk, a glue record is inserted for ns.some.sub.domain.eksempel.dk

An example of when a glue record is not inserted to the DK zone:

• If ns1.example.com is name server for eksempel.dk glue record is not inserted for ns1.example.com.
• If ns1.enisp.dk is name server for eksempel.dk a glue record is not inserted for ns1.enisp.dk, unless if the name server is also name server for enisp.dk.

Please note that the above names are examples and do not relate to active domain names.

Required Amount of Name Servers

The minimum required number of name servers for a domain name registered with the DK Hostmaster registry is 2.

Specifying fewer name servers at either registration time or in a name server change operation will result in an error.

The maximum number of name servers for a domain name registered with the DK Hostmaster registry is 7.

Specifying more name servers at either registration time or in a name server change operation will result in an error.

Required Responsiveness

At least two of the name servers specified at registration time or via a name server change operation are queried for responsiveness and the name servers have to respond for the domain name in question.

Failure to adhere to this rule can result in error for the designated operation.

DNSSEC

Supported DNSSEC implementations

In accordance with RFC:5910. DK Hostmaster only support DS and not DNSKEY.

In addition the maximum signature lifetime is not supported, for EPP please see section 3.3 in RFC:5910.

Supported Algorithms

DK Hostmaster currently support the following algorithms from the IANA algorithm listing:

• 3 DSA (DSA/SHA1) RFC:3110 - do note that use of this algorithm is not recommended since it is deprecated
• 5 RSASHA1 (RSA/SHA-1) RFC:2539
• 6 DSA-NSEC3-SHA1 (DSA-NSEC3-SHA1) RFC:5155
• 7 RSASHA1-NSEC3-SHA1 (RSASHA1-NSEC3-SHA1) RFC:5155
• 8 RSA/SHA-256 RFC:5702
• 10 RSA/SHA-512 RFC:5702
• 13 ECDSA Curve P-256 with SHA-256 RFC:6605
• 14 ECDSA Curve P-384 with SHA-384 RFC:6605

Supported Digest Types

• 1 SHA-1 RFC:4509
• 2 SHA-256 RFC:4509
• 4 SHA-384 RFC:6605

References

• DNS Glue RR Survey and Terminology Clarification

• RFC:5910 Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP)

• Domain Name System Security (DNSSEC) Algorithm Numbers