1135446StrhodesCopyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
2135446StrhodesCopyright (C) 2001  Internet Software Consortium.
3135446StrhodesSee COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
4135446Strhodes
5234010Sdougb$Id: rfc-compliance,v 1.4 2004/03/05 05:04:53 marka Exp $
6135446Strhodes
7135446StrhodesBIND 9 is striving for strict compliance with IETF standards.  We
8135446Strhodesbelieve this release of BIND 9 complies with the following RFCs, with
9135446Strhodesthe caveats and exceptions listed in the numbered notes below.  Note
10135446Strhodesthat a number of these RFCs do not have the status of Internet
11135446Strhodesstandards but are proposed or draft standards, experimental RFCs, 
12135446Strhodesor Best Current Practice (BCP) documents.
13135446Strhodes
14135446Strhodes  RFC1034
15135446Strhodes  RFC1035 [1] [2]
16135446Strhodes  RFC1123
17135446Strhodes  RFC1183
18135446Strhodes  RFC1535
19135446Strhodes  RFC1536
20135446Strhodes  RFC1706
21135446Strhodes  RFC1712
22135446Strhodes  RFC1750
23135446Strhodes  RFC1876
24135446Strhodes  RFC1982
25135446Strhodes  RFC1995
26135446Strhodes  RFC1996
27135446Strhodes  RFC2136
28135446Strhodes  RFC2163
29135446Strhodes  RFC2181
30135446Strhodes  RFC2230
31135446Strhodes  RFC2308
32135446Strhodes  RFC2535 [3] [4]
33135446Strhodes  RFC2536
34135446Strhodes  RFC2537
35135446Strhodes  RFC2538
36135446Strhodes  RFC2539
37135446Strhodes  RFC2671
38135446Strhodes  RFC2672
39135446Strhodes  RFC2673
40135446Strhodes  RFC2782
41135446Strhodes  RFC2915
42135446Strhodes  RFC2930
43135446Strhodes  RFC2931 [5]
44135446Strhodes  RFC3007
45135446Strhodes
46135446Strhodes
47135446Strhodes[1] Queries to zones that have failed to load return SERVFAIL rather
48135446Strhodesthan a non-authoritative response.  This is considered a feature.
49135446Strhodes
50135446Strhodes[2] CLASS ANY queries are not supported.  This is considered a feature.
51135446Strhodes
52135446Strhodes[3] Wildcard records are not supported in DNSSEC secure zones.
53135446Strhodes
54135446Strhodes[4] Servers authoritative for secure zones being resolved by BIND 9
55135446Strhodesmust support EDNS0 (RFC2671), and must return all relevant SIGs and
56135446StrhodesNXTs in responses rather than relying on the resolving server to
57135446Strhodesperform separate queries for missing SIGs and NXTs.
58135446Strhodes
59135446Strhodes[5] When receiving a query signed with a SIG(0), the server will only
60135446Strhodesbe able to verify the signature if it has the key in its local
61135446Strhodesauthoritative data; it will not do recursion or validation to
62135446Strhodesretrieve unknown keys.
63