1135446StrhodesCopyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") 2135446StrhodesCopyright (C) 2001 Internet Software Consortium. 3135446StrhodesSee COPYRIGHT in the source root or http://isc.org/copyright.html for terms. 4135446Strhodes 5234010Sdougb$Id: rfc-compliance,v 1.4 2004/03/05 05:04:53 marka Exp $ 6135446Strhodes 7135446StrhodesBIND 9 is striving for strict compliance with IETF standards. We 8135446Strhodesbelieve this release of BIND 9 complies with the following RFCs, with 9135446Strhodesthe caveats and exceptions listed in the numbered notes below. Note 10135446Strhodesthat a number of these RFCs do not have the status of Internet 11135446Strhodesstandards but are proposed or draft standards, experimental RFCs, 12135446Strhodesor Best Current Practice (BCP) documents. 13135446Strhodes 14135446Strhodes RFC1034 15135446Strhodes RFC1035 [1] [2] 16135446Strhodes RFC1123 17135446Strhodes RFC1183 18135446Strhodes RFC1535 19135446Strhodes RFC1536 20135446Strhodes RFC1706 21135446Strhodes RFC1712 22135446Strhodes RFC1750 23135446Strhodes RFC1876 24135446Strhodes RFC1982 25135446Strhodes RFC1995 26135446Strhodes RFC1996 27135446Strhodes RFC2136 28135446Strhodes RFC2163 29135446Strhodes RFC2181 30135446Strhodes RFC2230 31135446Strhodes RFC2308 32135446Strhodes RFC2535 [3] [4] 33135446Strhodes RFC2536 34135446Strhodes RFC2537 35135446Strhodes RFC2538 36135446Strhodes RFC2539 37135446Strhodes RFC2671 38135446Strhodes RFC2672 39135446Strhodes RFC2673 40135446Strhodes RFC2782 41135446Strhodes RFC2915 42135446Strhodes RFC2930 43135446Strhodes RFC2931 [5] 44135446Strhodes RFC3007 45135446Strhodes 46135446Strhodes 47135446Strhodes[1] Queries to zones that have failed to load return SERVFAIL rather 48135446Strhodesthan a non-authoritative response. This is considered a feature. 49135446Strhodes 50135446Strhodes[2] CLASS ANY queries are not supported. This is considered a feature. 51135446Strhodes 52135446Strhodes[3] Wildcard records are not supported in DNSSEC secure zones. 53135446Strhodes 54135446Strhodes[4] Servers authoritative for secure zones being resolved by BIND 9 55135446Strhodesmust support EDNS0 (RFC2671), and must return all relevant SIGs and 56135446StrhodesNXTs in responses rather than relying on the resolving server to 57135446Strhodesperform separate queries for missing SIGs and NXTs. 58135446Strhodes 59135446Strhodes[5] When receiving a query signed with a SIG(0), the server will only 60135446Strhodesbe able to verify the signature if it has the key in its local 61135446Strhodesauthoritative data; it will not do recursion or validation to 62135446Strhodesretrieve unknown keys. 63