clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 22:57:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
b616c4f833
unbound/doc/FEATURES
Wouter Wijngaards c49eefba59 rfc number. 
git-svn-id: file:///svn/unbound/trunk@1060 be551aaa-1e26-0410-a405-d3ace91eadb9
2008-04-21 09:37:32 +00:00

92 lines
2.9 KiB
Plaintext
Raw Blame History

Unbound Features
(C) Copyright 2008, Wouter Wijngaards, NLnet Labs.
This document describes the features and RFCs that unbound
adheres to, and which ones are decided to be out of scope.
Big Features
------------
Recursive service.
Caching service.
Forwarding and stub zones.
No authoritative service.
DNSSEC Validation options.
EDNS0, NSEC3, Unknown-RR-types.
Details
-------
Processing support
RFC 1034-1035: as a recursive, caching server. Not authoritative.
including CNAMEs, referrals, wildcards, classes, ...
RFC 4033-4035: as a validating caching server (unbound daemon).
as a validating stub (libunbound).
RFC 1918.
RFC 2181: completely, including the trust model, keeping rrsets together.
RFC 2672: DNAME support.
RFC 3597: Unknown RR type support.
RFC 2671: EDNS0 support, default advertisement 4Kb size.
RFC 5155: NSEC3, NSEC3PARAM types
AAAA type. and IP6 dual stack support.
type ANY queries are supported.
RFC 2308: TTL directive, and the rest of the RFC too.
RFC 4592: wildcards.
RFC 1995, 1996, 2136: not authoritative, so no AXFR, IXFR, NOTIFY or
dynamic update services are appropriate.
chroot and drop-root-privileges support, default enabled in config file.
AD bit in query can be used to request AD bit in response (w/o using DO bit).
CD bit in query can be used to request bogus data.
UDP and TCP service is provided downstream.
UDP and TCP are used to request from upstream servers.
Multiple queries can be made over a TCP stream.
No TSIG support at this time.
No SIG0 support at this time.
No dTLS support at this time.
This is not a DNS statistics package, but some operationally useful
values are provided.
TXT RRs from the Chaos class (id.server, hostname.bind, ...) supported.
draft-forgery-resilience: all recommendations followed.
draft-0x20: experimental implementation (incomplete).
implements bitwise echo of the query to support downstream 0x20.
draft-ietf-dnsop-default-local-zones is fully supported (-04).
It is possible to block zones or return an address for localhost.
This is a very limited authoritative service. Defaults as in draft.
draft-ietf-dnsop-resolver-priming(-00): can prime and can fallback to
a safety belt list.
draft-ietf-dnsop-dnssec-trust-anchor(-01): DS records can be configured
as trust anchors. Also DNSKEYs are allowed, by the way.
draft-ietf-dnsop-reflectors-are-evil: access control list for recursive
service. In fact for all DNS service so cache snooping is halted.
Record type syntax support, extensive, from lib ldns.
For these types only syntax and parsing support is needed.
RFC 1034-1035: basic RR types.
RFC 1183: RP, AFSDB, X25, ISDN, RT
RFC 1706: NSAP
RFC 2535: KEY, SIG, NXT: treated as unknown data, syntax is parsed (obsolete).
2163: PX
AAAA type
1876: LOC type
2782: SRV type
2915: NAPTR type.
2230: KX type.
2538: CERT type.
2672: DNAME type.
OPT type
3123: APL
SSHFP type
4025: IPSECKEY
4033-4035: DS, RRSIG, NSEC, DNSKEY
4701: DHCID
5155: NSEC3, NSEC3PARAM
4408: SPF
Reference in New Issue View Git Blame Copy Permalink