general.rst revision 1.1.1.3
..
   Copyright (C) Internet Systems Consortium, Inc. ("ISC")

   This Source Code Form is subject to the terms of the Mozilla Public
   License, v. 2.0. If a copy of the MPL was not distributed with this
   file, you can obtain one at https://mozilla.org/MPL/2.0/.

   See the COPYRIGHT file distributed with this work for additional
   information regarding copyright ownership.

.. General:

General DNS Reference Information
=================================

.. _ipv6addresses:

IPv6 Addresses (AAAA)
---------------------

IPv6 addresses are 128-bit identifiers, for interfaces and sets of
interfaces, which were introduced in the DNS to facilitate scalable
Internet routing. There are three types of addresses: *Unicast*, an
identifier for a single interface; *Anycast*, an identifier for a set of
interfaces; and *Multicast*, an identifier for a set of interfaces. Here
we describe the global Unicast address scheme. For more information, see
:rfc:`3587`, "IPv6 Global Unicast Address Format."

IPv6 unicast addresses consist of a *global routing prefix*, a *subnet
identifier*, and an *interface identifier*.

The global routing prefix is provided by the upstream provider or ISP,
and roughly corresponds to the IPv4 *network* section of the address
range. The subnet identifier is for local subnetting, much like
subnetting an IPv4 /16 network into /24 subnets. The interface
identifier is the address of an individual interface on a given network;
in IPv6, addresses belong to interfaces rather than to machines.

The subnetting capability of IPv6 is much more flexible than that of
IPv4; subnetting can be carried out on bit boundaries, in much the same
way as Classless InterDomain Routing (CIDR), and the DNS PTR
representation ("nibble" format) makes setting up reverse zones easier.

The interface identifier must be unique on the local link, and is
usually generated automatically by the IPv6 implementation, although it
is usually possible to override the default setting if necessary. A
typical IPv6 address might look like:
``2001:db8:201:9:a00:20ff:fe81:2b32``.

IPv6 address specifications often contain long strings of zeros, so the
architects have included a shorthand for specifying them. The double
colon (``::``) indicates the longest possible string of zeros that can
fit, and can be used only once in an address.

.. _bibliography:

Bibliography (and Suggested Reading)
------------------------------------

.. _rfcs:

Requests for Comment (RFCs)
~~~~~~~~~~~~~~~~~~~~~~~~~~~

BIND 9 strives for strict compliance with IETF standards. To the best
of our knowledge, BIND 9 complies with the following RFCs, with
the caveats and exceptions listed in the numbered notes below. Many
of these RFCs were written by current or former ISC staff members.
The list is non-exhaustive.

Specification documents for the Internet protocol suite, including the
DNS, are published as part of the Request for Comments (RFCs) series of
technical notes. The standards themselves are defined by the Internet
Engineering Task Force (IETF) and the Internet Engineering Steering
Group (IESG). RFCs can be viewed online at: https://datatracker.ietf.org/doc/ .

Some of these RFCs, though DNS-related, are not concerned with implementing
software.

Internet Standards
------------------

:rfc:`1034` - P. Mockapetris. *Domain Names - Concepts and Facilities.* November
1987.

:rfc:`1035` - P. Mockapetris. *Domain Names - Implementation and Specification.*
November 1987. [1] [2]

:rfc:`1123` - R. Braden. *Requirements for Internet Hosts - Application and
Support.* October 1989.

:rfc:`3596` - S. Thomson, C. Huitema, V. Ksinant, and M. Souissi.
*DNS Extensions to
Support IP Version 6.* October 2003.

:rfc:`5011` - M. StJohns. *Automated Updates of DNS Security (DNSSEC) Trust Anchors.*

:rfc:`6891` - J. Damas, M. Graff, and P. Vixie. *Extension Mechanisms for DNS
(EDNS(0)).* April 2013.

.. _proposed_standards:

Proposed Standards
------------------

:rfc:`1982` - R. Elz and R. Bush. *Serial Number Arithmetic.* August 1996.

:rfc:`1995` - M. Ohta. *Incremental Zone Transfer in DNS.* August 1996.

:rfc:`1996` - P. Vixie. *A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY).*
August 1996.

:rfc:`2136` - P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. *Dynamic Updates in the
Domain Name System (DNS UPDATE).* April 1997.

:rfc:`2163` - A. Allocchio. *Using the Internet DNS to Distribute MIXER
Conformant Global Address Mapping (MCGAM).* January 1998.

:rfc:`2181` - R. Elz and R. Bush. *Clarifications to the DNS Specification.* July 1997.

:rfc:`2308` - M. Andrews. *Negative Caching of DNS Queries (DNS NCACHE).* March 1998.

:rfc:`2539` - D. Eastlake, 3rd. *Storage of Diffie-Hellman Keys in the Domain Name
System (DNS).* March 1999.

:rfc:`2782` - A. Gulbrandsen, P. Vixie, and L. Esibov. *A DNS RR for Specifying the
Location of Services (DNS SRV).* February 2000.

:rfc:`2845` - P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. *Secret Key
Transaction Authentication for DNS (TSIG).* May 2000.

:rfc:`2930` - D. Eastlake, 3rd. *Secret Key Establishment for DNS (TKEY RR).*
September 2000.

:rfc:`2931` - D. Eastlake, 3rd. *DNS Request and Transaction Signatures (SIG(0)s).*
September 2000. [3]

:rfc:`3007` - B. Wellington. *Secure Domain Name System (DNS) Dynamic Update.*
November 2000.

:rfc:`3110` - D. Eastlake, 3rd. *RSA/SHA-1 SIGs and RSA KEYs in the Domain Name
System (DNS).* May 2001.

:rfc:`3225` - D. Conrad.
*Indicating Resolver Support of DNSSEC.* December 2001.

:rfc:`3226` - O. Gudmundsson. *DNSSEC and IPv6 A6 Aware Server/Resolver
Message Size Requirements.* December 2001.

:rfc:`3492` - A. Costello. *Punycode: A Bootstring Encoding of Unicode for
Internationalized Domain Names in Applications (IDNA).* March 2003.

:rfc:`3597` - A. Gustafsson. *Handling of Unknown DNS Resource Record (RR) Types.*
September 2003.

:rfc:`3645` - S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. *Generic
Security Service Algorithm for Secret Key Transaction Authentication for
DNS (GSS-TSIG).* October 2003.

:rfc:`4025` - M. Richardson. *A Method for Storing IPsec Keying Material in
DNS.* March 2005.

:rfc:`4033` - R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. *DNS Security
Introduction and Requirements.* March 2005. [4]

:rfc:`4034` - R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. *Resource Records for
the DNS Security Extensions.* March 2005.

:rfc:`4035` - R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. *Protocol
Modifications for the DNS Security Extensions.* March 2005.

:rfc:`4255` - J. Schlyter and W. Griffin. *Using DNS to Securely Publish Secure
Shell (SSH) Key Fingerprints.* January 2006.

:rfc:`4343` - D. Eastlake, 3rd. *Domain Name System (DNS) Case Insensitivity
Clarification.* January 2006.

:rfc:`4398` - S. Josefsson. *Storing Certificates in the Domain Name System (DNS).* March 2006.

:rfc:`4470` - S. Weiler and J. Ihren. *Minimally covering NSEC Records and
DNSSEC On-line Signing.* April 2006. [5]

:rfc:`4509` - W. Hardaker. *Use of SHA-256 in DNSSEC Delegation Signer
(DS) Resource Records (RRs).* May 2006.

:rfc:`4592` - E. Lewis. *The Role of Wildcards in the Domain Name System.* July 2006.

:rfc:`4635` - D. Eastlake, 3rd.
*HMAC SHA (Hashed Message Authentication
Code, Secure Hash Algorithm) TSIG Algorithm Identifiers.* August 2006.

:rfc:`4701` - M. Stapp, T. Lemon, and A. Gustafsson. *A DNS Resource Record
(RR) for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID
RR).* October 2006.

:rfc:`4955` - D. Blacka. *DNS Security (DNSSEC) Experiments.* July 2007. [6]

:rfc:`5001` - R. Austein. *DNS Name Server Identifier (NSID) Option.* August 2007.

:rfc:`5155` - B. Laurie, G. Sisson, R. Arends, and D. Blacka. *DNS Security
(DNSSEC) Hashed Authenticated Denial of Existence.* March 2008.

:rfc:`5452` - A. Hubert and R. van Mook. *Measures for Making DNS More
Resilient Against Forged Answers.* January 2009. [7]

:rfc:`5702` - J. Jansen. *Use of SHA-2 Algorithms with RSA in DNSKEY and
RRSIG Resource Records for DNSSEC.* October 2009.

:rfc:`5936` - E. Lewis and A. Hoenes, Ed. *DNS Zone Transfer Protocol (AXFR).*
June 2010.

:rfc:`5952` - S. Kawamura and M. Kawashima. *A Recommendation for IPv6 Address
Text Representation.* August 2010.

:rfc:`6052` - C. Bao, C. Huitema, M. Bagnulo, M. Boucadair, and X. Li. *IPv6
Addressing of IPv4/IPv6 Translators.* October 2010.

:rfc:`6147` - M. Bagnulo, A. Sullivan, P. Matthews, and I. van Beijnum.
*DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to
IPv4 Servers.* April 2011. [8]

:rfc:`6594` - O. Sury. *Use of the SHA-256 Algorithm with RSA, Digital
Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource
Records.* April 2012.

:rfc:`6604` - D. Eastlake, 3rd. *xNAME RCODE and Status Bits Clarification.*
April 2012.

:rfc:`6605` - P. Hoffman and W. C. A. Wijngaards. *Elliptic Curve Digital
Signature Algorithm (DSA) for DNSSEC.* April 2012. [9]

:rfc:`6672` - S. Rose and W. Wijngaards. *DNAME Redirection in the DNS.*
June 2012.

:rfc:`6698` - P.
Hoffman and J. Schlyter. *The DNS-Based Authentication of
Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA.*
August 2012.

:rfc:`6725` - S. Rose. *DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry
Updates.* August 2012. [10]

:rfc:`6840` - S. Weiler, Ed., and D. Blacka, Ed. *Clarifications and
Implementation Notes for DNS Security (DNSSEC).* February 2013. [11]

:rfc:`7216` - M. Thomson and R. Bellis. *Location Information Server (LIS)
Discovery Using IP Addresses and Reverse DNS.* April 2014.

:rfc:`7344` - W. Kumari, O. Gudmundsson, and G. Barwood. *Automating DNSSEC
Delegation Trust Maintenance.* September 2014. [12]

:rfc:`7477` - W. Hardaker. *Child-to-Parent Synchronization in DNS.* March
2015.

:rfc:`7766` - J. Dickinson, S. Dickinson, R. Bellis, A. Mankin, and D.
Wessels. *DNS Transport over TCP - Implementation Requirements.* March 2016.

:rfc:`7828` - P. Wouters, J. Abley, S. Dickinson, and R. Bellis.
*The edns-tcp-keepalive EDNS0 Option.* April 2016.

:rfc:`7830` - A. Mayrhofer. *The EDNS(0) Padding Option.* May 2016. [13]

:rfc:`8080` - O. Sury and R. Edmonds. *Edwards-Curve Digital Security Algorithm
(EdDSA) for DNSSEC.* February 2017.

:rfc:`8482` - J. Abley, O. Gudmundsson, M. Majkowski, and E. Hunt. *Providing
Minimal-Sized Responses to DNS Queries That Have QTYPE=ANY.* January 2019.

:rfc:`8490` - R. Bellis, S. Cheshire, J. Dickinson, S. Dickinson, T. Lemon,
and T. Pusateri. *DNS Stateful Operations.* March 2019.

:rfc:`8624` - P. Wouters and O. Sury. *Algorithm Implementation Requirements
and Usage Guidance for DNSSEC.* June 2019.

:rfc:`8749` - W. Mekking and D. Mahoney. *Moving DNSSEC Lookaside Validation
(DLV) to Historic Status.* March 2020.

Informational RFCs
------------------

:rfc:`1535` - E. Gavron.
*A Security Problem and Proposed Correction With Widely
Deployed DNS Software.* October 1993.

:rfc:`1536` - A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. *Common DNS
Implementation Errors and Suggested Fixes.* October 1993.

:rfc:`1591` - J. Postel. *Domain Name System Structure and Delegation.* March 1994.

:rfc:`1706` - B. Manning and R. Colella. *DNS NSAP Resource Records.* October 1994.

:rfc:`1713` - A. Romao. *Tools for DNS Debugging.* November 1994.

:rfc:`1794` - T. Brisco. *DNS Support for Load Balancing.* April 1995.

:rfc:`1912` - D. Barr. *Common DNS Operational and Configuration Errors.* February
1996.

:rfc:`2230` - R. Atkinson. *Key Exchange Delegation Record for the DNS.* November
1997.

:rfc:`2352` - O. Vaughan. *A Convention for Using Legal Names as Domain Names.* May
1998.

:rfc:`2825` - IAB and L. Daigle. *A Tangled Web: Issues of I18N, Domain Names, and
the Other Internet Protocols.* May 2000.

:rfc:`2826` - Internet Architecture Board. *IAB Technical Comment on the Unique
DNS Root.* May 2000.

:rfc:`3071` - J. Klensin. *Reflections on the DNS, RFC 1591, and Categories of
Domains.* February 2001.

:rfc:`3258` - T. Hardie. *Distributing Authoritative Name Servers via Shared
Unicast Addresses.* April 2002.

:rfc:`3363` - R. Bush, A. Durand, B. Fink, O. Gudmundsson, and T. Hain.
*Representing Internet Protocol Version 6 (IPv6) Addresses in the Domain Name
System (DNS).* August 2002. [14]

:rfc:`3493` - R. Gilligan, S. Thomson, J. Bound, J. McCann, and W. Stevens.
*Basic Socket Interface Extensions for IPv6.* March 2003.

:rfc:`3496` - A. G. Malis and T. Hsiao. *Protocol Extension for Support of
Asynchronous Transfer Mode (ATM) Service Class-aware Multiprotocol Label
Switching (MPLS) Traffic Engineering.* March 2003.

:rfc:`3833` - D. Atkins and R. Austein.
*Threat Analysis of the Domain Name System
(DNS).* August 2004.

:rfc:`4074` - Y. Morishita and T. Jinmei. *Common Misbehavior Against DNS Queries for
IPv6 Addresses.* June 2005.

:rfc:`4892` - S. Woolf and D. Conrad. *Requirements for a Mechanism
Identifying a Name Server Instance.* June 2007.

:rfc:`6781` - O. Kolkman, W. Mekking, and R. Gieben. *DNSSEC Operational
Practices, Version 2.* December 2012.

:rfc:`7043` - J. Abley. *Resource Records for EUI-48 and EUI-64 Addresses
in the DNS.* October 2013.

:rfc:`7129` - R. Gieben and W. Mekking. *Authenticated Denial of Existence
in the DNS.* February 2014.

:rfc:`7553` - P. Faltstrom and O. Kolkman. *The Uniform Resource Identifier
(URI) DNS Resource Record.* June 2015.

:rfc:`7583` - S. Morris, J. Ihren, J. Dickinson, and W. Mekking. *DNSSEC Key
Rollover Timing Considerations.* October 2015.

Experimental RFCs
-----------------

:rfc:`1183` - C. F. Everhart, L. A. Mamakos, R. Ullmann, P. Mockapetris. *New DNS RR
Definitions.* October 1990.

:rfc:`1464` - R. Rosenbaum. *Using the Domain Name System to Store Arbitrary
String Attributes.* May 1993.

:rfc:`1712` - C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. *DNS Encoding of
Geographical Location.* November 1994.

:rfc:`1876` - C. Davis, P. Vixie, T. Goodwin, and I. Dickinson. *A Means for Expressing
Location Information in the Domain Name System.* January 1996.

:rfc:`2345` - J. Klensin, T. Wolf, and G. Oglesby. *Domain Names and Company Name
Retrieval.* May 1998.

:rfc:`2540` - D. Eastlake, 3rd. *Detached Domain Name System (DNS) Information.*
March 1999.

:rfc:`3123` - P. Koch. *A DNS RR Type for Lists of Address Prefixes (APL RR).* June
2001.

:rfc:`6742` - RJ Atkinson, SN Bhatti, U. St. Andrews, and S. Rose. *DNS
Resource Records for the Identifier-Locator Network Protocol (ILNP).*
November 2012.

:rfc:`7314` - M. Andrews. *Extension Mechanisms for DNS (EDNS) EXPIRE Option.*
July 2014.

:rfc:`7929` - P. Wouters. *DNS-Based Authentication of Named Entities (DANE)
Bindings for OpenPGP.* August 2016.

Best Current Practice RFCs
--------------------------

:rfc:`2219` - M. Hamilton and R. Wright. *Use of DNS Aliases for Network Services.*
October 1997.

:rfc:`2317` - H. Eidnes, G. de Groot, and P. Vixie. *Classless IN-ADDR.ARPA Delegation.*
March 1998.

:rfc:`2606` - D. Eastlake, 3rd and A. Panitz. *Reserved Top Level DNS Names.* June
1999. [15]

:rfc:`3901` - A. Durand and J. Ihren. *DNS IPv6 Transport Operational Guidelines.*
September 2004.

:rfc:`5625` - R. Bellis. *DNS Proxy Implementation Guidelines.* August 2009.

:rfc:`6303` - M. Andrews. *Locally Served DNS Zones.* July 2011.

:rfc:`7793` - M. Andrews. *Adding 100.64.0.0/10 Prefixes to the IPv4
Locally-Served DNS Zones Registry.* May 2016.

:rfc:`8906` - M. Andrews and R. Bellis. *A Common Operational Problem in DNS
Servers: Failure to Communicate.* September 2020.

Historic RFCs
-------------

:rfc:`2874` - M. Crawford and C. Huitema. *DNS Extensions to Support IPv6 Address
Aggregation and Renumbering.* July 2000. [4]

:rfc:`4431` - M. Andrews and S. Weiler. *The DNSSEC Lookaside Validation
(DLV) DNS Resource Record.* February 2006.

RFCs of Type "Unknown"
----------------------

:rfc:`1033` - M. Lottor. *Domain Administrators Operations Guide.* November 1987.

:rfc:`1101` - P. Mockapetris. *DNS Encoding of Network Names and Other Types.*
April 1989.

Obsoleted and Unimplemented Experimental RFCs
---------------------------------------------

:rfc:`974` - C. Partridge. *Mail Routing and the Domain System.* January 1986.

:rfc:`1521` - N. Borenstein and N. Freed.
*MIME (Multipurpose Internet Mail
Extensions) Part One: Mechanisms for Specifying and Describing the Format of
Internet Message Bodies.* September 1993. [16]

:rfc:`1537` - P. Beertema. *Common DNS Data File Configuration Errors.* October
1993.

:rfc:`1750` - D. Eastlake, 3rd, S. Crocker, and J. Schiller. *Randomness
Recommendations for Security.* December 1994.

:rfc:`2010` - B. Manning and P. Vixie. *Operational Criteria for Root Name Servers.*
October 1996.

:rfc:`2052` - A. Gulbrandsen and P. Vixie. *A DNS RR for Specifying the Location of
Services.* October 1996.

:rfc:`2065` - D. Eastlake, 3rd and C. Kaufman. *Domain Name System Security Extensions.*
January 1997.

:rfc:`2137` - D. Eastlake, 3rd. *Secure Domain Name System Dynamic Update.* April
1997.

:rfc:`2168` - R. Daniel and M. Mealling. *Resolution of Uniform Resource Identifiers
Using the Domain Name System.* June 1997.

:rfc:`2240` - O. Vaughan. *A Legal Basis for Domain Name Allocation.* November 1997.

:rfc:`2535` - D. Eastlake, 3rd. *Domain Name System Security Extensions.*
March 1999. [17] [18]

:rfc:`2537` - D. Eastlake, 3rd. *RSA/MD5 KEYs and SIGs in the Domain Name System
(DNS).* March 1999.

:rfc:`2538` - D. Eastlake, 3rd and O. Gudmundsson. *Storing Certificates in the Domain
Name System (DNS).* March 1999.

:rfc:`2671` - P. Vixie. *Extension Mechanisms for DNS (EDNS0).* August 1999.

:rfc:`2672` - M. Crawford. *Non-Terminal DNS Name Redirection.* August 1999.

:rfc:`2673` - M. Crawford. *Binary Labels in the Domain Name System.* August 1999.

:rfc:`2915` - M. Mealling and R. Daniel. *The Naming Authority Pointer (NAPTR) DNS
Resource Record.* September 2000.

:rfc:`2929` - D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. *Domain Name System
(DNS) IANA Considerations.* September 2000.

:rfc:`3008` - B. Wellington.
*Domain Name System Security (DNSSEC) Signing
Authority.* November 2000.

:rfc:`3090` - E. Lewis. *DNS Security Extension Clarification on Zone Status.*
March 2001.

:rfc:`3152` - R. Bush. *Delegation of IP6.ARPA.* August 2001.

:rfc:`3445` - D. Massey and S. Rose. *Limiting the Scope of the KEY Resource Record
(RR).* December 2002.

:rfc:`3490` - P. Faltstrom, P. Hoffman, and A. Costello. *Internationalizing Domain Names
in Applications (IDNA).* March 2003. [19]

:rfc:`3491` - P. Hoffman and M. Blanchet. *Nameprep: A Stringprep Profile for
Internationalized Domain Names (IDN).* March 2003. [19]

:rfc:`3655` - B. Wellington and O. Gudmundsson. *Redefinition of DNS Authenticated
Data (AD) Bit.* November 2003.

:rfc:`3658` - O. Gudmundsson. *Delegation Signer (DS) Resource Record (RR).*
December 2003.

:rfc:`3755` - S. Weiler. *Legacy Resolver Compatibility for Delegation Signer
(DS).* May 2004.

:rfc:`3757` - O. Kolkman, J. Schlyter, and E. Lewis. *Domain Name System KEY (DNSKEY)
Resource Record (RR) Secure Entry Point (SEP) Flag.* May 2004.

:rfc:`3845` - J. Schlyter. *DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format.*
August 2004.

:rfc:`4294` - J. Loughney, Ed. *IPv6 Node Requirements.* [20]

:rfc:`4408` - M. Wong and W. Schlitt. *Sender Policy Framework (SPF) for
Authorizing Use of Domains in E-Mail, Version 1.* April 2006.

:rfc:`5966` - R. Bellis. *DNS Transport Over TCP - Implementation
Requirements.* August 2010.

:rfc:`6844` - P. Hallam-Baker and R. Stradling. *DNS Certification Authority
Authorization (CAA) Resource Record.* January 2013.

:rfc:`6944` - S. Rose. *Applicability Statement: DNS Security (DNSSEC) DNSKEY
Algorithm Implementation Status.* April 2013.

RFCs No Longer Supported in BIND 9
----------------------------------

:rfc:`2536` - D. Eastlake, 3rd.
*DSA KEYs and SIGs in the Domain Name System
(DNS).* March 1999.

Notes
~~~~~

[1] Queries to zones that have failed to load return SERVFAIL rather
than a non-authoritative response. This is considered a feature.

[2] CLASS ANY queries are not supported. This is considered a
feature.

[3] When receiving a query signed with a SIG(0), the server is
only able to verify the signature if it has the key in its local
authoritative data; it cannot do recursion or validation to
retrieve unknown keys.

[4] Compliance is with loading and serving of A6 records only. A6 records were moved
to the experimental category by :rfc:`3363`.

[5] Minimally Covering NSEC records are accepted but not generated.

[6] BIND 9 interoperates with correctly designed experiments.

[7] ``named`` only uses ports to extend the ID space; addresses are not
used.

[8] Section 5.5 does not match reality. ``named`` uses the presence
of DO=1 to detect if validation may be occurring. CD has no bearing
on whether validation occurs.

[9] Compliance is conditional on the OpenSSL library that BIND 9 is linked
against supporting ECDSA.

[10] RSAMD5 support has been removed. See :rfc:`6944`.

[11] Section 5.9 - Always set CD=1 on queries. This is *not* done, as
it prevents DNSSEC from working correctly through another recursive server.

When talking to a recursive server, the best algorithm is to send
CD=0 and then send CD=1 iff SERVFAIL is returned, in case the recursive
server has a bad clock and/or bad trust anchor. Alternatively, one
can send CD=1 then CD=0 on validation failure, in case the recursive
server is under attack or there is stale/bogus authoritative data.

[12] Updating of parent zones is not yet implemented.

[13] ``named`` does not currently encrypt DNS requests, so the PAD option
is accepted but not returned in responses.

[14] Section 4 is ignored.

[15] This does not apply to DNS server implementations.

[16] Only the Base 64 encoding specification is supported.

[17] Wildcard records are not supported in DNSSEC secure zones.

[18] Servers authoritative for secure zones being resolved by BIND
9 must support EDNS0 (:rfc:`2671`), and must return all relevant SIGs
and NXTs in responses, rather than relying on the resolving server
to perform separate queries for missing SIGs and NXTs.

[19] BIND 9 requires ``--with-idn`` to enable entry of IDN labels within dig,
host, and nslookup at compile time. ACE labels are supported
everywhere with or without ``--with-idn``.

[20] Section 5.1 - DNAME records are fully supported.

.. _internet_drafts:

Internet Drafts
~~~~~~~~~~~~~~~

Internet Drafts (IDs) are rough-draft working documents of the Internet
Engineering Task Force (IETF). They are, in essence, RFCs in the preliminary
stages of development. Implementors are cautioned not to regard IDs as
archival, and they should not be quoted or cited in any formal documents
unless accompanied by the disclaimer that they are "works in progress."
IDs have a lifespan of six months, after which they are deleted unless
updated by their authors.

.. _more_about_bind:

Other Documents About BIND
~~~~~~~~~~~~~~~~~~~~~~~~~~

Paul Albitz and Cricket Liu. *DNS and BIND.* Copyright 1998 Sebastopol, CA: O'Reilly and
Associates.