rfc-compliance revision bf4fe7ca1b9c313200aaefec18ac165ce9efc16b
90f35c2f2a1c660f3b96eec413036d238df395f6Francis DupontCopyright (C) 2004, 2015 Internet Systems Consortium, Inc. ("ISC")
010a51c427bfb6ab658fc0056955a1a5b69810beTinderbox UserCopyright (C) 2001 Internet Software Consortium.
90f35c2f2a1c660f3b96eec413036d238df395f6Francis DupontSee COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater
90f35c2f2a1c660f3b96eec413036d238df395f6Francis DupontBIND 9 is striving for strict compliance with IETF standards. We
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupontbelieve this release of BIND 9 complies with the following RFCs, with
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupontthe caveats and exceptions listed in the numbered notes below. Note
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupontthat a number of these RFCs do not have the status of Internet
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupontstandards but are proposed or draft standards, experimental RFCs,
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupontor Best Current Practice (BCP) documents. The list is non exhaustive.
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC1034
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC1035 [1] [2]
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC1123
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC1183
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC1535
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC1536
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC1706
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC1712
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC1750
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC1876
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC1982
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC1995
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC1996
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC2136
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC2163
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC2181
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC2230
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC2308
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC2536
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC2539
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC2782
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC2915
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC2930
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User RFC2931 [5]
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User RFC3007
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User RFC3110
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User RFC3123
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User RFC3225
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User RFC3226
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC3363 [6]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC3490 [7]
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater RFC3491 (Obsoleted by 5890, 5891) [7]
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater RFC3493
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater RFC3496
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater RFC3597
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC3645
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC4025
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC4034
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC4035
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC4074
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC4255
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC4294 - Section 5.1 [8]
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC4343
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC4398
aaaf8d4f4873d21e55c3ffb4f656203d08339865Mark Andrews RFC4408
aaaf8d4f4873d21e55c3ffb4f656203d08339865Mark Andrews RFC4431
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater RFC4470 [9]
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC4509
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC4635
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC4701
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC4892
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC4955 [10]
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC5001
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC5011
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC5155
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC5205
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC5452 [11]
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC5702
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC5933 [12]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC5936
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC5952
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC5966
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC6052
2a6d4c9948b3f4f31311bd799d114585a30419a9Automatic Updater RFC6147 [13]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC6303
2a6d4c9948b3f4f31311bd799d114585a30419a9Automatic Updater RFC6605 [14]
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC6672
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC6698
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC6742
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC6840 [15]
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater RFC6844
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User RFC6891
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC7043
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC7314
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC7477
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC7830 [16]
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox UserThe following DNS related RFC have been obsoleted
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC2535 (Obsoleted by 4034, 4035) [3] [4]
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC2537 (Obsoleted by 3110)
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC2538 (Obsoleted by 4398)
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC2671 (Obsoleted by 6891)
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC2672 (Obsoleted by 6672)
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont RFC2673 (Obsoleted by 6891)
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User RFC3008 (Obsoleted by 4034, 4035)
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC3152 (Obsoleted by 3596)
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC3445 (Obsoleted by 4034, 4035)
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC3655 (Obsoleted by 4034, 4035)
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User RFC3658 (Obsoleted by 4034, 4035)
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC3755 (Obsoleted by 4034, 4035)
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC3757 (Obsoleted by 4034, 4035)
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User RFC3845 (Obsoleted by 4034, 4035)
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User[1] Queries to zones that have failed to load return SERVFAIL rather
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox Userthan a non-authoritative response. This is considered a feature.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User[2] CLASS ANY queries are not supported. This is considered a
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox Userfeature.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User[3] Wildcard records are not supported in DNSSEC secure zones.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User[4] Servers authoritative for secure zones being resolved by BIND
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User9 must support EDNS0 (RFC2671), and must return all relevant SIGs
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox Userand NXTs in responses rather than relying on the resolving server
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Userto perform separate queries for missing SIGs and NXTs.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User[5] When receiving a query signed with a SIG(0), the server will
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox Useronly be able to verify the signature if it has the key in its local
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox Userauthoritative data; it will not do recursion or validation to
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox Userretrieve unknown keys.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User[6] Section 4 is ignored.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User[7] Requires --with-idn to enable entry of IDN labels within dig,
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Duponthost and nslookup at compile time. ACE labels are supported
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Usereverywhere with or without --with-idn.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User[8] Section 5.1 - DNAME records are fully supported.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User[9] Minimally Covering NSEC Record are accepted but not generated.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User[10] Will interoperate with correctly designed experiments.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater[11] Named only uses ports to extend the id space, address are not
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Userused.
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User[12] Conditional on the OpenSSL library being linked against
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updatersupporting GOST.
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater[13] Section 5.5 does not match reality. Named uses the presence
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updaterof DO=1 to detect if validation may be occuring. CD has no bearing
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updateron whether validation is occuring or not.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont[14] Conditional on the OpenSSL library being linked against
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox Usersupporting ECDSA.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User[15] Section 5.9 - Always set CD=1 on queries. This is *not* done as
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox Userit prevents DNSSEC working correctly through another recursive server.
90f35c2f2a1c660f3b96eec413036d238df395f6Francis Dupont
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox UserWhen talking to a recurive server the best algorithm to do is send
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox UserCD=0 and then send CD=1 iff SERVFAIL is returned in case the recurive
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox Userserver has a bad clock and/or bad trust anchor. Alternatively one
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox Usercan send CD=1 then CD=0 on validation failure in case the recursive
f8e3e03cacd16ffb923a9603fca23a9e1a1fee07Automatic Updaterserver is under attack or there is stale / bogus authoritative data.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User[16] Named doesn't currently encrypt DNS requests so the PAD option
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox Useris accepted but not returned in responses.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User