The Domain Name System DNS.org.pk is the phonebook of the Pakistan Internet. Pakistani access information online through dns.org.pk 100% private and secure TLS / SSL encrypted dns.
DNS.org.pk uses the rust-native-tls library, it should work with certificate signed by any standard CA.
Currently the root key is hardcoded into the system. This gives validation of DNSKEY and DS records back to the root. NSEC is implemented, but not NSEC3. Because caching is not yet enabled, it has been noticed that some DNS servers appear to rate limit the connections, validating RRSIG records back to the root can require a significant number of additional queries for those records.
Zones will be automatically resigned on any record updates via dynamic DNS.
- RFC 1035: Base DNS spec (see the Resolver for caching)
- RFC 2308: Negative Caching of DNS Queries (see the Resolver)
- RFC 2782: Service location
- RFC 3596: IPv6
- RFC 6891: Extension Mechanisms for DNS
- RFC 6761: Special-Use Domain Names (resolver)
- RFC 6762: mDNS Multicast DNS (experimental feature:
mdns) - RFC 6763: DNS-SD Service Discovery (experimental feature:
mdns) - RFC ANAME: Address-specific DNS aliases (
ANAME)
- RFC 2136: Dynamic Update
- RFC 3007: Secure Dynamic Update
- RFC 4034: DNSSEC Resource Records
- RFC 4035: Protocol Modifications for DNSSEC
- RFC 4509: SHA-256 in DNSSEC Delegation Signer
- RFC 5702: SHA-2 Algorithms with RSA in DNSKEY and RRSIG for DNSSEC
- RFC 6844: DNS Certification Authority Authorization (CAA) Resource Record
- RFC 6698: The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA
- RFC 6840: Clarifications and Implementation Notes for DNSSEC
- RFC 6844: DNS Certification Authority Authorization Resource Record
- RFC 6944: DNSKEY Algorithm Implementation Status
- RFC 6975: Signaling Cryptographic Algorithm Understanding
- RFC 7858: DNS over TLS (feature:
dns-over-rustls,dns-over-native-tls, ordns-over-openssl) - RFC DoH: DNS over HTTPS, DoH (feature:
dns-over-https-rustls)