TLDFYI

Technical Standards

RFCs, internationalized domain names (IDN), Punycode, RDAP, and related standards.

RDAP (Registration Data Access Protocol)

Modern, structured replacement for WHOIS using JSON over HTTPS.

EPP (Extensible Provisioning Protocol)

Protocol for registrar-registry communication to manage domains.

IDN (Internationalized Domain Name)

Domain name containing non-ASCII characters from various writing systems.

Punycode

ASCII encoding for internationalized domain names (xn-- prefix).

TTL (Time To Live)

DNS record value specifying cache duration in seconds.

Anycast DNS

Network method routing DNS queries to the nearest of multiple servers.

DNS-over-HTTPS (DoH)

Protocol encrypting DNS queries over HTTPS for privacy.

DNS-over-TLS (DoT)

Protocol encrypting DNS queries over TLS on port 853.

Data Escrow

ICANN-required backup of registration data with a trusted third party.

DNS Propagation

Time for DNS changes to spread across all resolvers worldwide.

Wildcard DNS Record

DNS record using * to match all undefined subdomains.

Glue Record

A/AAAA record in parent zone preventing circular nameserver dependencies.

RFC (Request for Comments)

IETF formal document defining internet protocols and standards.

IDNA (Internationalized Domain Names in Applications)

Technical framework governing how international characters are validated and encoded in domain names.

WHOIS Protocol

Plain-text domain lookup protocol on TCP port 43, being replaced by RDAP.

DNS-over-QUIC (DoQ)

DNS encryption over QUIC (UDP port 853), offering lower latency than DoH or DoT.

ECS (EDNS Client Subnet)

DNS extension sharing partial client IP with authoritative servers for geolocation-based responses.

TSIG (Transaction Signature)

Shared-secret HMAC mechanism authenticating DNS messages between servers.

AXFR / IXFR (Zone Transfer)

Protocol for replicating DNS zone data from primary to secondary nameservers.

NSEC / NSEC3 (DNSSEC Denial of Existence)

DNSSEC record types cryptographically proving a domain name does not exist.

DNSKEY Record

DNS record holding the public key used to verify DNSSEC signatures in a zone.

RRSIG Record

Cryptographic signature record attached to DNS record sets for DNSSEC validation.