rfc-compliance revision 364162f4ae54b4c3a7602cec9add2aa9b3a89ad2
dafcb997e390efa4423883dafd100c975c4095d6Mark AndrewsCopyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian WellingtonCopyright (C) 2001 Internet Software Consortium.
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas GustafssonSee COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas GustafssonBIND 9 is striving for strict compliance with IETF standards. We
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafssonbelieve this release of BIND 9 complies with the following RFCs, with
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafssonthe caveats and exceptions listed in the numbered notes below. Note
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafssonthat a number of these RFCs do not have the status of Internet
230f8da57ce436687289c928c209a5b90979dbbaMark Andrewsstandards but are proposed or draft standards, experimental RFCs,
230f8da57ce436687289c928c209a5b90979dbbaMark Andrewsor Best Current Practice (BCP) documents. The list is non exhaustive.
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafsson RFC1035 [1] [2]
c3a56b9ab3f7ddf433a9d22b6a4e9db42155be4bAndreas Gustafsson RFC2535 [3] [4]
230f8da57ce436687289c928c209a5b90979dbbaMark AndrewsThe following DNS related RFC have been obsoleted
230f8da57ce436687289c928c209a5b90979dbbaMark Andrews RFC2537 (Obsoleted by 3110)
230f8da57ce436687289c928c209a5b90979dbbaMark Andrews RFC3152 (Obsoleted by 3596)
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafsson[1] Queries to zones that have failed to load return SERVFAIL rather
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafssonthan a non-authoritative response. This is considered a feature.
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafsson[2] CLASS ANY queries are not supported. This is considered a feature.
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafsson[3] Wildcard records are not supported in DNSSEC secure zones.
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafsson[4] Servers authoritative for secure zones being resolved by BIND 9
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafssonmust support EDNS0 (RFC2671), and must return all relevant SIGs and
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas GustafssonNXTs in responses rather than relying on the resolving server to
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafssonperform separate queries for missing SIGs and NXTs.
c3a56b9ab3f7ddf433a9d22b6a4e9db42155be4bAndreas Gustafsson[5] When receiving a query signed with a SIG(0), the server will only
c3a56b9ab3f7ddf433a9d22b6a4e9db42155be4bAndreas Gustafssonbe able to verify the signature if it has the key in its local
c3a56b9ab3f7ddf433a9d22b6a4e9db42155be4bAndreas Gustafssonauthoritative data; it will not do recursion or validation to
c3a56b9ab3f7ddf433a9d22b6a4e9db42155be4bAndreas Gustafssonretrieve unknown keys.
230f8da57ce436687289c928c209a5b90979dbbaMark Andrews[6] Section 4 is ignored.
230f8da57ce436687289c928c209a5b90979dbbaMark Andrews[7] Requires --with-idn to enable entry of IDN labels within dig,
230f8da57ce436687289c928c209a5b90979dbbaMark Andrewshost and nslookup at compile time. ACE labels are supported
230f8da57ce436687289c928c209a5b90979dbbaMark Andrewseverywhere with or without --with-idn.