/contrib/bind9/doc/misc/rfc-compliance

 1Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
 2Copyright (C) 2001  Internet Software Consortium.
 3See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
 4
 5$Id: rfc-compliance,v 1.4 2004/03/05 05:04:53 marka Exp $
 6
 7BIND 9 is striving for strict compliance with IETF standards.  We
 8believe this release of BIND 9 complies with the following RFCs, with
 9the caveats and exceptions listed in the numbered notes below.  Note
10that a number of these RFCs do not have the status of Internet
11standards but are proposed or draft standards, experimental RFCs, 
12or Best Current Practice (BCP) documents.
13
14  RFC1034
15  RFC1035 [1] [2]
16  RFC1123
17  RFC1183
18  RFC1535
19  RFC1536
20  RFC1706
21  RFC1712
22  RFC1750
23  RFC1876
24  RFC1982
25  RFC1995
26  RFC1996
27  RFC2136
28  RFC2163
29  RFC2181
30  RFC2230
31  RFC2308
32  RFC2535 [3] [4]
33  RFC2536
34  RFC2537
35  RFC2538
36  RFC2539
37  RFC2671
38  RFC2672
39  RFC2673
40  RFC2782
41  RFC2915
42  RFC2930
43  RFC2931 [5]
44  RFC3007
45
46
47[1] Queries to zones that have failed to load return SERVFAIL rather
48than a non-authoritative response.  This is considered a feature.
49
50[2] CLASS ANY queries are not supported.  This is considered a feature.
51
52[3] Wildcard records are not supported in DNSSEC secure zones.
53
54[4] Servers authoritative for secure zones being resolved by BIND 9
55must support EDNS0 (RFC2671), and must return all relevant SIGs and
56NXTs in responses rather than relying on the resolving server to
57perform separate queries for missing SIGs and NXTs.
58
59[5] When receiving a query signed with a SIG(0), the server will only
60be able to verify the signature if it has the key in its local
61authoritative data; it will not do recursion or validation to
62retrieve unknown keys.