File: //proc/self/root/usr/share/doc/bind9-doc/arm/general.html
<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="./">
<head>
<meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>General DNS Reference Information — BIND 9 9.18.39-0ubuntu0.24.04.2-Ubuntu documentation</title>
<link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
<link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=86f27845" />
<link rel="stylesheet" type="text/css" href="_static/custom.css?v=9ab34431" />
<script src="_static/jquery.js?v=8dae8fb0"></script>
<script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="_static/documentation_options.js?v=9d4ae9d2"></script>
<script src="_static/doctools.js?v=888ff710"></script>
<script src="_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="_static/js/theme.js"></script>
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="Manual Pages" href="manpages.html" />
<link rel="prev" title="A Brief History of the DNS and BIND" href="history.html" />
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" >
<a href="index.html" class="icon icon-home">
BIND 9
</a>
<div class="version">
9.18.39-0ubuntu0.24.04.2-Ubuntu
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="search.html" method="get">
<input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<ul>
<li class="toctree-l1"><a class="reference internal" href="chapter1.html">1. Introduction to DNS and BIND 9</a></li>
<li class="toctree-l1"><a class="reference internal" href="chapter2.html">2. Resource Requirements</a></li>
<li class="toctree-l1"><a class="reference internal" href="chapter3.html">3. Configurations and Zone Files</a></li>
<li class="toctree-l1"><a class="reference internal" href="chapter4.html">4. Name Server Operations</a></li>
<li class="toctree-l1"><a class="reference internal" href="chapter5.html">5. DNSSEC</a></li>
<li class="toctree-l1"><a class="reference internal" href="chapter6.html">6. Advanced Configurations</a></li>
<li class="toctree-l1"><a class="reference internal" href="chapter7.html">7. Security Configurations</a></li>
<li class="toctree-l1"><a class="reference internal" href="reference.html">8. Configuration Reference</a></li>
<li class="toctree-l1"><a class="reference internal" href="chapter9.html">9. Troubleshooting</a></li>
<li class="toctree-l1"><a class="reference internal" href="chapter10.html">10. Building BIND 9</a></li>
</ul>
<p class="caption" role="heading"><span class="caption-text">Appendices</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="notes.html">Release Notes</a></li>
<li class="toctree-l1"><a class="reference internal" href="changelog.html">Changelog</a></li>
<li class="toctree-l1"><a class="reference internal" href="dnssec-guide.html">DNSSEC Guide</a></li>
<li class="toctree-l1"><a class="reference internal" href="history.html">A Brief History of the DNS and BIND</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">General DNS Reference Information</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#requests-for-comment-rfcs">Requests for Comment (RFCs)</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#protocol-specifications">Protocol Specifications</a></li>
<li class="toctree-l3"><a class="reference internal" href="#best-current-practice-rfcs">Best Current Practice RFCs</a></li>
<li class="toctree-l3"><a class="reference internal" href="#for-your-information">For Your Information</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="#notes">Notes</a></li>
<li class="toctree-l2"><a class="reference internal" href="#internet-drafts">Internet Drafts</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="manpages.html">Manual Pages</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" >
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="index.html">BIND 9</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="index.html" class="icon icon-home" aria-label="Home"></a></li>
<li class="breadcrumb-item active">General DNS Reference Information</li>
<li class="wy-breadcrumbs-aside">
<a href="_sources/general.rst.txt" rel="nofollow"> View page source</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<section id="general-dns-reference-information">
<h1>General DNS Reference Information<a class="headerlink" href="#general-dns-reference-information" title="Link to this heading"></a></h1>
<section id="requests-for-comment-rfcs">
<span id="rfcs"></span><h2>Requests for Comment (RFCs)<a class="headerlink" href="#requests-for-comment-rfcs" title="Link to this heading"></a></h2>
<p>Specification documents for the Internet protocol suite, including the
DNS, are published as part of the <a class="reference external" href="https://www.ietf.org/process/rfcs/">Request for Comments</a> (RFCs) series
of technical notes. The standards themselves are defined by the
<a class="reference external" href="https://www.ietf.org/about/">Internet Engineering Task Force</a> (IETF) and the <a class="reference external" href="https://www.ietf.org/about/groups/iesg/">Internet Engineering
Steering Group</a> (IESG). RFCs can be viewed online at:
<a class="reference external" href="https://www.rfc-editor.org/">https://www.rfc-editor.org/</a>.</p>
<p>While reading RFCs, please keep in mind that <span class="target" id="index-0"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1796.html"><strong>not all RFCs are
standards</strong></a>, and also that the validity of documents does change
over time. Every RFC needs to be interpreted in the context of other
documents.</p>
<p>BIND 9 strives for strict compliance with IETF standards. To the best
of our knowledge, BIND 9 complies with the following RFCs, with
the caveats and exceptions listed in the numbered notes below. Many
of these RFCs were written by current or former ISC staff members.
The list is non-exhaustive.</p>
<p>Some of these RFCs, though DNS-related, are not concerned with implementing
software.</p>
<section id="protocol-specifications">
<h3>Protocol Specifications<a class="headerlink" href="#protocol-specifications" title="Link to this heading"></a></h3>
<p><span class="target" id="index-1"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1034.html"><strong>RFC 1034</strong></a> - P. Mockapetris. <em>Domain Names — Concepts and Facilities.</em> November
1987.</p>
<p><span class="target" id="index-2"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1035.html"><strong>RFC 1035</strong></a> - P. Mockapetris. <em>Domain Names — Implementation and Specification.</em>
November 1987. <a class="footnote-reference brackets" href="#rfc1035-1" id="id1" role="doc-noteref"><span class="fn-bracket">[</span>1<span class="fn-bracket">]</span></a> <a class="footnote-reference brackets" href="#rfc1035-2" id="id2" role="doc-noteref"><span class="fn-bracket">[</span>2<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-3"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1183.html"><strong>RFC 1183</strong></a> - C. F. Everhart, L. A. Mamakos, R. Ullmann, P. Mockapetris. <em>New DNS RR
Definitions.</em> October 1990.</p>
<p><span class="target" id="index-4"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1521.html"><strong>RFC 1521</strong></a> - N. Borenstein, N. Freed - <em>MIME (Multipurpose Internet Mail Extensions)
Part One: Mechanisms for Specifying and Describing the Format of Internet Message
Bodies.</em> September 1993. <a class="footnote-reference brackets" href="#rfc1521" id="id3" role="doc-noteref"><span class="fn-bracket">[</span>17<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-5"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1706.html"><strong>RFC 1706</strong></a> - B. Manning and R. Colella. <em>DNS NSAP Resource Records.</em> October 1994.</p>
<p><span class="target" id="index-6"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1712.html"><strong>RFC 1712</strong></a> - C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. <em>DNS Encoding of
Geographical Location.</em> November 1994.</p>
<p><span class="target" id="index-7"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1876.html"><strong>RFC 1876</strong></a> - C. Davis, P. Vixie, T. Goodwin, and I. Dickinson. <em>A Means for Expressing
Location Information in the Domain Name System.</em> January 1996.</p>
<p><span class="target" id="index-8"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1982.html"><strong>RFC 1982</strong></a> - R. Elz and R. Bush. <em>Serial Number Arithmetic.</em> August 1996.</p>
<p><span class="target" id="index-9"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1995.html"><strong>RFC 1995</strong></a> - M. Ohta. <em>Incremental Zone Transfer in DNS.</em> August 1996.</p>
<p><span class="target" id="index-10"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1996.html"><strong>RFC 1996</strong></a> - P. Vixie. <em>A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY).</em>
August 1996.</p>
<p><span class="target" id="index-11"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2136.html"><strong>RFC 2136</strong></a> - P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. <em>Dynamic Updates in the
Domain Name System (DNS UPDATE).</em> April 1997.</p>
<p><span class="target" id="index-12"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2163.html"><strong>RFC 2163</strong></a> - A. Allocchio. <em>Using the Internet DNS to Distribute MIXER
Conformant Global Address Mapping (MCGAM).</em> January 1998.</p>
<p><span class="target" id="index-13"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2181.html"><strong>RFC 2181</strong></a> - R. Elz and R. Bush. <em>Clarifications to the DNS Specification.</em> July 1997.</p>
<p><span class="target" id="index-14"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2230.html"><strong>RFC 2230</strong></a> - R. Atkinson. <em>Key Exchange Delegation Record for the DNS.</em> November
1997.</p>
<p><span class="target" id="index-15"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2308.html"><strong>RFC 2308</strong></a> - M. Andrews. <em>Negative Caching of DNS Queries (DNS NCACHE).</em> March 1998.</p>
<p><span class="target" id="index-16"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2539.html"><strong>RFC 2539</strong></a> - D. Eastlake, 3rd. <em>Storage of Diffie-Hellman Keys in the Domain Name
System (DNS).</em> March 1999.</p>
<p><span class="target" id="index-17"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2782.html"><strong>RFC 2782</strong></a> - A. Gulbrandsen, P. Vixie, and L. Esibov. <em>A DNS RR for Specifying the
Location of Services (DNS SRV).</em> February 2000.</p>
<p><span class="target" id="index-18"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2930.html"><strong>RFC 2930</strong></a> - D. Eastlake, 3rd. <em>Secret Key Establishment for DNS (TKEY RR).</em>
September 2000.</p>
<p><span class="target" id="index-19"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2931.html"><strong>RFC 2931</strong></a> - D. Eastlake, 3rd. <em>DNS Request and Transaction Signatures (SIG(0)s).</em>
September 2000. <a class="footnote-reference brackets" href="#rfc2931" id="id4" role="doc-noteref"><span class="fn-bracket">[</span>3<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-20"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3007.html"><strong>RFC 3007</strong></a> - B. Wellington. <em>Secure Domain Name System (DNS) Dynamic Update.</em>
November 2000.</p>
<p><span class="target" id="index-21"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3110.html"><strong>RFC 3110</strong></a> - D. Eastlake, 3rd. <em>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name
System (DNS).</em> May 2001.</p>
<p><span class="target" id="index-22"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3123.html"><strong>RFC 3123</strong></a> - P. Koch. <em>A DNS RR Type for Lists of Address Prefixes (APL RR).</em> June
2001.</p>
<p><span class="target" id="index-23"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3225.html"><strong>RFC 3225</strong></a> - D. Conrad. <em>Indicating Resolver Support of DNSSEC.</em> December 2001.</p>
<p><span class="target" id="index-24"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3226.html"><strong>RFC 3226</strong></a> - O. Gudmundsson. <em>DNSSEC and IPv6 A6 Aware Server/Resolver
Message Size Requirements.</em> December 2001.</p>
<p><span class="target" id="index-25"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3363.html"><strong>RFC 3363</strong></a> - R. Bush, A. Durand, B. Fink, O. Gudmundsson, and T. Hain.
<em>Representing Internet Protocol Version 6 (IPv6) Addresses in the Domain Name
System (DNS).</em> August 2002. <a class="footnote-reference brackets" href="#rfc3363" id="id5" role="doc-noteref"><span class="fn-bracket">[</span>15<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-26"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3403.html"><strong>RFC 3403</strong></a> - M. Mealling.
<em>Dynamic Delegation Discovery System (DDDS). Part Three: The Domain Name System
(DNS) Database.</em>
October 2002.</p>
<p><span class="target" id="index-27"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3492.html"><strong>RFC 3492</strong></a> - A. Costello. <em>Punycode: A Bootstring Encoding of Unicode for
Internationalized Domain Names in Applications (IDNA).</em> March 2003. <a class="footnote-reference brackets" href="#idna" id="id6" role="doc-noteref"><span class="fn-bracket">[</span>18<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-28"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3493.html"><strong>RFC 3493</strong></a> - R. Gilligan, S. Thomson, J. Bound, J. McCann, and W. Stevens.
<em>Basic Socket Interface Extensions for IPv6.</em> March 2003.</p>
<p><span class="target" id="index-29"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3496.html"><strong>RFC 3496</strong></a> - A. G. Malis and T. Hsiao. <em>Protocol Extension for Support of
Asynchronous Transfer Mode (ATM) Service Class-aware Multiprotocol Label
Switching (MPLS) Traffic Engineering.</em> March 2003.</p>
<p><span class="target" id="index-30"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3596.html"><strong>RFC 3596</strong></a> - S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. <em>DNS Extensions to
Support IP Version 6.</em> October 2003.</p>
<p><span class="target" id="index-31"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3597.html"><strong>RFC 3597</strong></a> - A. Gustafsson. <em>Handling of Unknown DNS Resource Record (RR) Types.</em>
September 2003.</p>
<p><span class="target" id="index-32"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3645.html"><strong>RFC 3645</strong></a> - S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. <em>Generic
Security Service Algorithm for Secret Key Transaction Authentication for
DNS (GSS-TSIG).</em> October 2003.</p>
<p><span class="target" id="index-33"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4025.html"><strong>RFC 4025</strong></a> - M. Richardson. <em>A Method for Storing IPsec Keying Material in
DNS.</em> March 2005.</p>
<p><span class="target" id="index-34"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4033.html"><strong>RFC 4033</strong></a> - R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. <em>DNS Security
Introduction and Requirements.</em> March 2005.</p>
<p><span class="target" id="index-35"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4034.html"><strong>RFC 4034</strong></a> - R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. <em>Resource Records for
the DNS Security Extensions.</em> March 2005.</p>
<p><span class="target" id="index-36"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4035.html"><strong>RFC 4035</strong></a> - R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. <em>Protocol
Modifications for the DNS Security Extensions.</em> March 2005.</p>
<p><span class="target" id="index-37"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4255.html"><strong>RFC 4255</strong></a> - J. Schlyter and W. Griffin. <em>Using DNS to Securely Publish Secure
Shell (SSH) Key Fingerprints.</em> January 2006.</p>
<p><span class="target" id="index-38"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4343.html"><strong>RFC 4343</strong></a> - D. Eastlake, 3rd. <em>Domain Name System (DNS) Case Insensitivity
Clarification.</em> January 2006.</p>
<p><span class="target" id="index-39"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4398.html"><strong>RFC 4398</strong></a> - S. Josefsson. <em>Storing Certificates in the Domain Name System (DNS).</em> March 2006.</p>
<p><span class="target" id="index-40"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4470.html"><strong>RFC 4470</strong></a> - S. Weiler and J. Ihren. <em>Minimally covering NSEC Records and
DNSSEC On-line Signing.</em> April 2006. <a class="footnote-reference brackets" href="#rfc4470" id="id7" role="doc-noteref"><span class="fn-bracket">[</span>6<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-41"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4509.html"><strong>RFC 4509</strong></a> - W. Hardaker. <em>Use of SHA-256 in DNSSEC Delegation Signer
(DS) Resource Records (RRs).</em> May 2006.</p>
<p><span class="target" id="index-42"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4592.html"><strong>RFC 4592</strong></a> - E. Lewis. <em>The Role of Wildcards in the Domain Name System.</em> July 2006.</p>
<p><span class="target" id="index-43"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4635.html"><strong>RFC 4635</strong></a> - D. Eastlake, 3rd. <em>HMAC SHA (Hashed Message Authentication
Code, Secure Hash Algorithm) TSIG Algorithm Identifiers.</em> August 2006.</p>
<p><span class="target" id="index-44"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4701.html"><strong>RFC 4701</strong></a> - M. Stapp, T. Lemon, and A. Gustafsson. <em>A DNS Resource Record
(RR) for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID
RR).</em> October 2006.</p>
<p><span class="target" id="index-45"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4955.html"><strong>RFC 4955</strong></a> - D. Blacka. <em>DNS Security (DNSSEC) Experiments.</em> July 2007. <a class="footnote-reference brackets" href="#rfc4955" id="id8" role="doc-noteref"><span class="fn-bracket">[</span>7<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-46"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc5001.html"><strong>RFC 5001</strong></a> - R. Austein. <em>DNS Name Server Identifier (NSID) Option.</em> August 2007.</p>
<p><span class="target" id="index-47"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc5011.html"><strong>RFC 5011</strong></a> - M. StJohns. <em>Automated Updates of DNS Security (DNSSEC) Trust Anchors.</em></p>
<p><span class="target" id="index-48"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc5155.html"><strong>RFC 5155</strong></a> - B. Laurie, G. Sisson, R. Arends, and D. Blacka. <em>DNS Security
(DNSSEC) Hashed Authenticated Denial of Existence.</em> March 2008.</p>
<p><span class="target" id="index-49"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc5205.html"><strong>RFC 5205</strong></a> - P. Nikander and J. Laganier. <em>Host Identity Protocol (HIP)
Domain Name System (DNS) Extension.</em> April 2008.</p>
<p><span class="target" id="index-50"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc5452.html"><strong>RFC 5452</strong></a> - A. Hubert and R. van Mook. <em>Measures for Making DNS More
Resilient Against Forged Answers.</em> January 2009. <a class="footnote-reference brackets" href="#rfc5452" id="id9" role="doc-noteref"><span class="fn-bracket">[</span>8<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-51"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc5702.html"><strong>RFC 5702</strong></a> - J. Jansen. <em>Use of SHA-2 Algorithms with RSA in DNSKEY and
RRSIG Resource Records for DNSSEC.</em> October 2009.</p>
<p><span class="target" id="index-52"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc5891.html"><strong>RFC 5891</strong></a> - J. Klensin.
<em>Internationalized Domain Names in Applications (IDNA): Protocol.</em>
August 2010 <a class="footnote-reference brackets" href="#idna" id="id10" role="doc-noteref"><span class="fn-bracket">[</span>18<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-53"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc5936.html"><strong>RFC 5936</strong></a> - E. Lewis and A. Hoenes, Ed. <em>DNS Zone Transfer Protocol (AXFR).</em>
June 2010.</p>
<p><span class="target" id="index-54"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc5952.html"><strong>RFC 5952</strong></a> - S. Kawamura and M. Kawashima. <em>A Recommendation for IPv6 Address
Text Representation.</em> August 2010.</p>
<p><span class="target" id="index-55"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6052.html"><strong>RFC 6052</strong></a> - C. Bao, C. Huitema, M. Bagnulo, M. Boucadair, and X. Li. <em>IPv6
Addressing of IPv4/IPv6 Translators.</em> October 2010.</p>
<p><span class="target" id="index-56"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6147.html"><strong>RFC 6147</strong></a> - M. Bagnulo, A. Sullivan, P. Matthews, and I. van Beijnum.
<em>DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to
IPv4 Servers.</em> April 2011. <a class="footnote-reference brackets" href="#rfc6147" id="id11" role="doc-noteref"><span class="fn-bracket">[</span>9<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-57"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6604.html"><strong>RFC 6604</strong></a> - D. Eastlake, 3rd. <em>xNAME RCODE and Status Bits Clarification.</em>
April 2012.</p>
<p><span class="target" id="index-58"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6605.html"><strong>RFC 6605</strong></a> - P. Hoffman and W. C. A. Wijngaards. <em>Elliptic Curve Digital
Signature Algorithm (DSA) for DNSSEC.</em> April 2012. <a class="footnote-reference brackets" href="#rfc6605" id="id12" role="doc-noteref"><span class="fn-bracket">[</span>10<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-59"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6672.html"><strong>RFC 6672</strong></a> - S. Rose and W. Wijngaards. <em>DNAME Redirection in the DNS.</em>
June 2012.</p>
<p><span class="target" id="index-60"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6698.html"><strong>RFC 6698</strong></a> - P. Hoffman and J. Schlyter. <em>The DNS-Based Authentication of
Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA.</em>
August 2012.</p>
<p><span class="target" id="index-61"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6725.html"><strong>RFC 6725</strong></a> - S. Rose. <em>DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry
Updates.</em> August 2012. <a class="footnote-reference brackets" href="#rfc6725" id="id13" role="doc-noteref"><span class="fn-bracket">[</span>11<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-62"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6742.html"><strong>RFC 6742</strong></a> - RJ Atkinson, SN Bhatti, U. St. Andrews, and S. Rose. <em>DNS
Resource Records for the Identifier-Locator Network Protocol (ILNP).</em>
November 2012.</p>
<p><span class="target" id="index-63"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6840.html"><strong>RFC 6840</strong></a> - S. Weiler, Ed., and D. Blacka, Ed. <em>Clarifications and
Implementation Notes for DNS Security (DNSSEC).</em> February 2013. <a class="footnote-reference brackets" href="#rfc6840" id="id14" role="doc-noteref"><span class="fn-bracket">[</span>12<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-64"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6891.html"><strong>RFC 6891</strong></a> - J. Damas, M. Graff, and P. Vixie. <em>Extension Mechanisms for DNS
(EDNS(0)).</em> April 2013.</p>
<p><span class="target" id="index-65"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7043.html"><strong>RFC 7043</strong></a> - J. Abley. <em>Resource Records for EUI-48 and EUI-64 Addresses
in the DNS.</em> October 2013.</p>
<p><span class="target" id="index-66"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7050.html"><strong>RFC 7050</strong></a> - T. Savolainen, J. Korhonen, and D. Wing. <em>Discovery of the IPv6
Prefix Used for IPv6 Address Synthesis.</em> November 2013. <a class="footnote-reference brackets" href="#rfc7050" id="id15" role="doc-noteref"><span class="fn-bracket">[</span>20<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-67"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7208.html"><strong>RFC 7208</strong></a> - S. Kitterman.
<em>Sender Policy Framework (SPF) for Authorizing Use of Domains in Email,
Version 1.</em>
April 2014.</p>
<p><span class="target" id="index-68"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7314.html"><strong>RFC 7314</strong></a> - M. Andrews. <em>Extension Mechanisms for DNS (EDNS) EXPIRE Option.</em>
July 2014.</p>
<p><span class="target" id="index-69"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7344.html"><strong>RFC 7344</strong></a> - W. Kumari, O. Gudmundsson, and G. Barwood. <em>Automating DNSSEC
Delegation Trust Maintenance.</em> September 2014. <a class="footnote-reference brackets" href="#rfc7344" id="id16" role="doc-noteref"><span class="fn-bracket">[</span>13<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-70"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7477.html"><strong>RFC 7477</strong></a> - W. Hardaker. <em>Child-to-Parent Synchronization in DNS.</em> March
2015.</p>
<p><span class="target" id="index-71"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7553.html"><strong>RFC 7553</strong></a> - P. Faltstrom and O. Kolkman. <em>The Uniform Resource Identifier
(URI) DNS Resource Record.</em> June 2015.</p>
<p><span class="target" id="index-72"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7583.html"><strong>RFC 7583</strong></a> - S. Morris, J. Ihren, J. Dickinson, and W. Mekking. <em>DNSSEC Key
Rollover Timing Considerations.</em> October 2015.</p>
<p><span class="target" id="index-73"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7766.html"><strong>RFC 7766</strong></a> - J. Dickinson, S. Dickinson, R. Bellis, A. Mankin, and D.
Wessels. <em>DNS Transport over TCP - Implementation Requirements.</em> March 2016.</p>
<p><span class="target" id="index-74"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7828.html"><strong>RFC 7828</strong></a> - P. Wouters, J. Abley, S. Dickinson, and R. Bellis.
<em>The edns-tcp-keepalive EDNS0 Option.</em> April 2016.</p>
<p><span class="target" id="index-75"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7830.html"><strong>RFC 7830</strong></a> - A. Mayrhofer. <em>The EDNS(0) Padding Option.</em> May 2016. <a class="footnote-reference brackets" href="#rfc7830" id="id17" role="doc-noteref"><span class="fn-bracket">[</span>14<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-76"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7858.html"><strong>RFC 7858</strong></a> - Z. Hu, L. Zhu, J. Heidemann, A. Mankin, D. Wessels,
and P. Hoffman. <em>Specification for DNS over Transport Layer Security (TLS).</em>
May 2016. <a class="footnote-reference brackets" href="#noencryptedfwd" id="id18" role="doc-noteref"><span class="fn-bracket">[</span>21<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-77"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7929.html"><strong>RFC 7929</strong></a> - P. Wouters. <em>DNS-Based Authentication of Named Entities (DANE)
Bindings for OpenPGP.</em> August 2016.</p>
<p><span class="target" id="index-78"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc8078.html"><strong>RFC 8078</strong></a> - O. Gudmundsson and P. Wouters. <em>Managing DS Records from the
Parent via CDS/CDNSKEY.</em> March 2017. <a class="footnote-reference brackets" href="#rfc8078" id="id19" role="doc-noteref"><span class="fn-bracket">[</span>22<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-79"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc8080.html"><strong>RFC 8080</strong></a> - O. Sury and R. Edmonds. <em>Edwards-Curve Digital Security Algorithm
(EdDSA) for DNSSEC.</em> February 2017.</p>
<p><span class="target" id="index-80"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc8484.html"><strong>RFC 8484</strong></a> - P. Hoffman and P. McManus. <em>DNS Queries over HTTPS (DoH).</em>
October 2018. <a class="footnote-reference brackets" href="#noencryptedfwd" id="id20" role="doc-noteref"><span class="fn-bracket">[</span>21<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-81"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc8509.html"><strong>RFC 8509</strong></a> - G. Huston, J. Damas, W. Kumari. <em>A Root Key Trust Anchor Sentinel
for DNSSEC.</em> December 2018.</p>
<p><span class="target" id="index-82"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc8624.html"><strong>RFC 8624</strong></a> - P. Wouters and O. Sury. <em>Algorithm Implementation Requirements
and Usage Guidance for DNSSEC.</em> June 2019.</p>
<p><span class="target" id="index-83"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc8659.html"><strong>RFC 8659</strong></a> - P. Hallam-Baker, R. Stradling, and J. Hoffman-Andrews.
<em>DNS Certification Authority Authorization (CAA) Resource Record.</em>
November 2019.</p>
<p><span class="target" id="index-84"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc8880.html"><strong>RFC 8880</strong></a> - S. Cheshire and D. Schinazi. <em>Special Use Domain Name
‘ipv4only.arpa’.</em> August 2020.</p>
<p><span class="target" id="index-85"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc8945.html"><strong>RFC 8945</strong></a> - F. Dupont, S. Morris, P. Vixie, D. Eastlake 3rd, O. Gudmundsson,
and B. Wellington.
<em>Secret Key Transaction Authentication for DNS (TSIG).</em>
November 2020.</p>
<p><span class="target" id="index-86"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc9103.html"><strong>RFC 9103</strong></a> - W. Toorop, S. Dickinson, S. Sahib, P. Aras, and A. Mankin.
<em>DNS Zone Transfer over TLS.</em> August 2021. <a class="footnote-reference brackets" href="#rfc9103" id="id21" role="doc-noteref"><span class="fn-bracket">[</span>23<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-87"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc9432.html"><strong>RFC 9432</strong></a> - P. van Dijk, L. Peltan, O. Sury, W. Toorop, C.R. Monshouwer,
P. Thomassen, A. Sargsyan. <em>DNS Catalog Zones.</em> July 2023.</p>
<p><span class="target" id="index-88"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc9460.html"><strong>RFC 9460</strong></a> - B. Schwartz, M. Bishop and E. Nygren, <em>Service Binding and
Parameter Specification via the DNS (SVCB and HTTPS Resource Records).</em>
November 2023. <a class="footnote-reference brackets" href="#rfc9460" id="id22" role="doc-noteref"><span class="fn-bracket">[</span>24<span class="fn-bracket">]</span></a></p>
</section>
<section id="best-current-practice-rfcs">
<h3>Best Current Practice RFCs<a class="headerlink" href="#best-current-practice-rfcs" title="Link to this heading"></a></h3>
<p><span class="target" id="index-89"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2219.html"><strong>RFC 2219</strong></a> - M. Hamilton and R. Wright. <em>Use of DNS Aliases for Network Services.</em>
October 1997.</p>
<p><span class="target" id="index-90"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2317.html"><strong>RFC 2317</strong></a> - H. Eidnes, G. de Groot, and P. Vixie. <em>Classless IN-ADDR.ARPA Delegation.</em>
March 1998.</p>
<p><span class="target" id="index-91"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2606.html"><strong>RFC 2606</strong></a> - D. Eastlake, 3rd and A. Panitz. <em>Reserved Top Level DNS Names.</em> June
1999. <a class="footnote-reference brackets" href="#rfc2606" id="id23" role="doc-noteref"><span class="fn-bracket">[</span>16<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-92"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3901.html"><strong>RFC 3901</strong></a> - A. Durand and J. Ihren. <em>DNS IPv6 Transport Operational Guidelines.</em>
September 2004.</p>
<p><span class="target" id="index-93"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc5625.html"><strong>RFC 5625</strong></a> - R. Bellis. <em>DNS Proxy Implementation Guidelines.</em> August 2009.</p>
<p><span class="target" id="index-94"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6303.html"><strong>RFC 6303</strong></a> - M. Andrews. <em>Locally Served DNS Zones.</em> July 2011.</p>
<p><span class="target" id="index-95"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7793.html"><strong>RFC 7793</strong></a> - M. Andrews. <em>Adding 100.64.0.0/10 Prefixes to the IPv4
Locally-Served DNS Zones Registry.</em> May 2016.</p>
<p><span class="target" id="index-96"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc8906.html"><strong>RFC 8906</strong></a> - M. Andrews and R. Bellis. <em>A Common Operational Problem in DNS
Servers: Failure to Communicate.</em> September 2020.</p>
<p><span class="target" id="index-97"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc9276.html"><strong>RFC 9276</strong></a> - W. Hardaker and V. Dukhovni. <em>Guidance for NSEC3 Parameter Settings.</em> August 2022.</p>
</section>
<section id="for-your-information">
<h3>For Your Information<a class="headerlink" href="#for-your-information" title="Link to this heading"></a></h3>
<p><span class="target" id="index-98"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1101.html"><strong>RFC 1101</strong></a> - P. Mockapetris. <em>DNS Encoding of Network Names and Other Types.</em>
April 1989.</p>
<p><span class="target" id="index-99"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1123.html"><strong>RFC 1123</strong></a> - R. Braden. <em>Requirements for Internet Hosts - Application and
Support.</em> October 1989.</p>
<p><span class="target" id="index-100"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1535.html"><strong>RFC 1535</strong></a> - E. Gavron. <em>A Security Problem and Proposed Correction With Widely
Deployed DNS Software.</em> October 1993.</p>
<p><span class="target" id="index-101"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1536.html"><strong>RFC 1536</strong></a> - A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. <em>Common DNS
Implementation Errors and Suggested Fixes.</em> October 1993.</p>
<p><span class="target" id="index-102"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc1912.html"><strong>RFC 1912</strong></a> - D. Barr. <em>Common DNS Operational and Configuration Errors.</em> February
1996.</p>
<p><span class="target" id="index-103"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc2874.html"><strong>RFC 2874</strong></a> - M. Crawford and C. Huitema. <em>DNS Extensions to Support IPv6 Address
Aggregation and Renumbering.</em> July 2000. <a class="footnote-reference brackets" href="#rfc2874" id="id24" role="doc-noteref"><span class="fn-bracket">[</span>4<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-104"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3833.html"><strong>RFC 3833</strong></a> - D. Atkins and R. Austein. <em>Threat Analysis of the Domain Name System
(DNS).</em> August 2004.</p>
<p><span class="target" id="index-105"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4074.html"><strong>RFC 4074</strong></a> - Y. Morishita and T. Jinmei. <em>Common Misbehavior Against DNS Queries for
IPv6 Addresses.</em> June 2005.</p>
<p><span class="target" id="index-106"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4294.html"><strong>RFC 4294</strong></a> - J. Loughney, Ed. - <em>IPv6 Node Requirements.</em> April 2006. <a class="footnote-reference brackets" href="#rfc4294" id="id25" role="doc-noteref"><span class="fn-bracket">[</span>19<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-107"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4431.html"><strong>RFC 4431</strong></a> - M. Andrews and S. Weiler. <em>The DNSSEC Lookaside Validation
(DLV) DNS Resource Record.</em> February 2006. <a class="footnote-reference brackets" href="#rfc4431" id="id26" role="doc-noteref"><span class="fn-bracket">[</span>5<span class="fn-bracket">]</span></a></p>
<p><span class="target" id="index-108"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc4892.html"><strong>RFC 4892</strong></a> - S. Woolf and D. Conrad. <em>Requirements for a Mechanism
Identifying a Name Server Instance.</em> June 2007.</p>
<p><span class="target" id="index-109"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc6781.html"><strong>RFC 6781</strong></a> - O. Kolkman, W. Mekking, and R. Gieben. <em>DNSSEC Operational
Practices, Version 2.</em> December 2012.</p>
<p><span class="target" id="index-110"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc7129.html"><strong>RFC 7129</strong></a> - R. Gieben and W. Mekking. <em>Authenticated Denial of Existence
in the DNS.</em> February 2014.</p>
<p><span class="target" id="index-111"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc8749.html"><strong>RFC 8749</strong></a> - W. Mekking and D. Mahoney. <em>Moving DNSSEC Lookaside Validation
(DLV) to Historic Status.</em> March 2020.</p>
</section>
</section>
<section id="notes">
<h2>Notes<a class="headerlink" href="#notes" title="Link to this heading"></a></h2>
<aside class="footnote-list brackets">
<aside class="footnote brackets" id="rfc1035-1" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id1">1</a><span class="fn-bracket">]</span></span>
<p>Queries to zones that have failed to load return SERVFAIL rather
than a non-authoritative response. This is considered a feature.</p>
</aside>
<aside class="footnote brackets" id="rfc1035-2" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id2">2</a><span class="fn-bracket">]</span></span>
<p>CLASS ANY queries are not supported. This is considered a
feature.</p>
</aside>
<aside class="footnote brackets" id="rfc2931" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id4">3</a><span class="fn-bracket">]</span></span>
<p>Support for SIG(0) message verification was removed
as part of the mitigation of CVE-2024-1975.</p>
</aside>
<aside class="footnote brackets" id="rfc2874" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id24">4</a><span class="fn-bracket">]</span></span>
<p>Compliance is with loading and serving of A6 records only.
A6 records were moved to the experimental category by <span class="target" id="index-112"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc3363.html"><strong>RFC 3363</strong></a>.</p>
</aside>
<aside class="footnote brackets" id="rfc4431" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id26">5</a><span class="fn-bracket">]</span></span>
<p>Compliance is with loading and serving of DLV records only.
DLV records were moved to the historic category by <span class="target" id="index-113"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc8749.html"><strong>RFC 8749</strong></a>.</p>
</aside>
<aside class="footnote brackets" id="rfc4470" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id7">6</a><span class="fn-bracket">]</span></span>
<p>Minimally Covering NSEC records are accepted but not generated.</p>
</aside>
<aside class="footnote brackets" id="rfc4955" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id8">7</a><span class="fn-bracket">]</span></span>
<p>BIND 9 interoperates with correctly designed experiments.</p>
</aside>
<aside class="footnote brackets" id="rfc5452" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id9">8</a><span class="fn-bracket">]</span></span>
<p><a class="reference internal" href="manpages.html#std-iscman-named"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named</span></code></a> only uses ports to extend the ID space; addresses are not
used.</p>
</aside>
<aside class="footnote brackets" id="rfc6147" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id11">9</a><span class="fn-bracket">]</span></span>
<p>Section 5.5 does not match reality. <a class="reference internal" href="manpages.html#std-iscman-named"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named</span></code></a> uses the presence
of DO=1 to detect if validation may be occurring. CD has no bearing
on whether validation occurs.</p>
</aside>
<aside class="footnote brackets" id="rfc6605" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id12">10</a><span class="fn-bracket">]</span></span>
<p>Compliance is conditional on the OpenSSL library being linked against
a supporting ECDSA.</p>
</aside>
<aside class="footnote brackets" id="rfc6725" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id13">11</a><span class="fn-bracket">]</span></span>
<p>RSAMD5 support has been removed. See <span class="target" id="index-114"></span><a class="rfc reference external" href="https://datatracker.ietf.org/doc/html/rfc8624.html"><strong>RFC 8624</strong></a>.</p>
</aside>
<aside class="footnote brackets" id="rfc6840" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id14">12</a><span class="fn-bracket">]</span></span>
<p>Section 5.9 - Always set CD=1 on queries. This is <em>not</em> done, as
it prevents DNSSEC from working correctly through another recursive server.</p>
<p>When talking to a recursive server, the best algorithm is to send
CD=0 and then send CD=1 iff SERVFAIL is returned, in case the recursive
server has a bad clock and/or bad trust anchor. Alternatively, one
can send CD=1 then CD=0 on validation failure, in case the recursive
server is under attack or there is stale/bogus authoritative data.</p>
</aside>
<aside class="footnote brackets" id="rfc7344" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id16">13</a><span class="fn-bracket">]</span></span>
<p>Updating of parent zones is not yet implemented.</p>
</aside>
<aside class="footnote brackets" id="rfc7830" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id17">14</a><span class="fn-bracket">]</span></span>
<p><a class="reference internal" href="manpages.html#std-iscman-named"><code class="xref std std-iscman docutils literal notranslate"><span class="pre">named</span></code></a> does not currently encrypt DNS requests, so the PAD option
is accepted but not returned in responses.</p>
</aside>
<aside class="footnote brackets" id="rfc3363" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id5">15</a><span class="fn-bracket">]</span></span>
<p>Section 4 is ignored.</p>
</aside>
<aside class="footnote brackets" id="rfc2606" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id23">16</a><span class="fn-bracket">]</span></span>
<p>This does not apply to DNS server implementations.</p>
</aside>
<aside class="footnote brackets" id="rfc1521" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id3">17</a><span class="fn-bracket">]</span></span>
<p>Only the Base 64 encoding specification is supported.</p>
</aside>
<aside class="footnote brackets" id="idna" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span>18<span class="fn-bracket">]</span></span>
<span class="backrefs">(<a role="doc-backlink" href="#id6">1</a>,<a role="doc-backlink" href="#id10">2</a>)</span>
<p>BIND 9 requires <code class="docutils literal notranslate"><span class="pre">--with-libidn2</span></code> to enable entry of IDN labels within
dig, host, and nslookup at compile time. ACE labels are supported
everywhere with or without <code class="docutils literal notranslate"><span class="pre">--with-libidn2</span></code>.</p>
</aside>
<aside class="footnote brackets" id="rfc4294" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id25">19</a><span class="fn-bracket">]</span></span>
<p>Section 5.1 - DNAME records are fully supported.</p>
</aside>
<aside class="footnote brackets" id="rfc7050" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id15">20</a><span class="fn-bracket">]</span></span>
<p>RFC 7050 is updated by RFC 8880.</p>
</aside>
<aside class="footnote brackets" id="noencryptedfwd" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span>21<span class="fn-bracket">]</span></span>
<span class="backrefs">(<a role="doc-backlink" href="#id18">1</a>,<a role="doc-backlink" href="#id20">2</a>)</span>
<p>Forwarding DNS queries over encrypted transports is not
supported yet.</p>
</aside>
<aside class="footnote brackets" id="rfc8078" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id19">22</a><span class="fn-bracket">]</span></span>
<p>Updating of parent zones is not yet implemented.</p>
</aside>
<aside class="footnote brackets" id="rfc9103" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id21">23</a><span class="fn-bracket">]</span></span>
<p>Strict TLS and Mutual TLS authentication mechanisms are
not supported yet.</p>
</aside>
<aside class="footnote brackets" id="rfc9460" role="doc-footnote">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id22">24</a><span class="fn-bracket">]</span></span>
<p>Additional section processing is not supported for HTTPS and
SVCB records.</p>
</aside>
</aside>
</section>
<section id="internet-drafts">
<span id="id27"></span><h2>Internet Drafts<a class="headerlink" href="#internet-drafts" title="Link to this heading"></a></h2>
<p>Internet Drafts (IDs) are rough-draft working documents of the Internet
Engineering Task Force (IETF). They are, in essence, RFCs in the preliminary
stages of development. Implementors are cautioned not to regard IDs as
archival, and they should not be quoted or cited in any formal documents
unless accompanied by the disclaimer that they are “works in progress.”
IDs have a lifespan of six months, after which they are deleted unless
updated by their authors.</p>
</section>
</section>
</div>
</div>
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="history.html" class="btn btn-neutral float-left" title="A Brief History of the DNS and BIND" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="manpages.html" class="btn btn-neutral float-right" title="Manual Pages" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>
<div role="contentinfo">
<p>© Copyright 2025, Internet Systems Consortium.</p>
</div>
Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
<a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>