From dd7404f46783e9a4b8b4be7ad5dc62c4f9a0ac24 Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Mon, 21 Apr 2008 09:08:35 +0000 Subject: [PATCH] FEATURES document. git-svn-id: file:///svn/unbound/trunk@1057 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/Changelog | 3 ++ doc/FEATURES | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+) create mode 100644 doc/FEATURES diff --git a/doc/Changelog b/doc/Changelog index 2046283df..baf77ead7 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +21 April 2008: Wouter + - FEATURES document. + 16 April 2008: Wouter - requirements doc, updated clean query returns. - parseunbound.pl update from Kai Storbeck. diff --git a/doc/FEATURES b/doc/FEATURES new file mode 100644 index 000000000..5f570a8da --- /dev/null +++ b/doc/FEATURES @@ -0,0 +1,90 @@ +Unbound Features + +(C) Copyright 2008, Wouter Wijngaards, NLnet Labs. + + +This document describes the features and RFCs that unbound +adheres to, and which ones are decided to be out of scope. + + +Big Features +------------ +Recursive service. +Caching service. +Forwarding and stub zones. +No authoritative service. +DNSSEC Validation options. +EDNS0, NSEC3, Unknown-RR-types. + + +Details +------- +Processing support +RFC 1034-1035: as a recursive, caching server. Not authoritative. + including CNAMEs, referrals, wildcards, classes, ... +RFC 4033-4035: as a validating caching server (unbound daemon). + as a validating stub (libunbound). +RFC 1918. +RFC 2181: completely, including the trust model, keeping rrsets together. +RFC 2672: DNAME support. +RFC 3597: Unknown RR type support. +EDNS0 support, default advertisement 4Kb size. +RFC 5155: NSEC3, NSEC3PARAM types +AAAA type. and IP6 dual stack support. +type ANY queries are supported. +RFC 2308: TTL directive, and the rest of the RFC too. + +RFC 1995, 1996, 2136: not authoritative, so no AXFR, IXFR, NOTIFY or + dynamic update services are appropriate. + +chroot and drop-root-privileges support, default enabled in config file. + +AD bit in query can be used to request AD bit in response (w/o using DO bit). +CD bit in query can be used to request bogus data. +UDP and TCP service is provided downstream. +UDP and TCP are used to request from upstream servers. +Multiple queries can be made over a TCP stream. + +No TSIG support at this time. +No SIG0 support at this time. +No dTLS support at this time. +This is not a DNS statistics package, but some operationally useful +values are provided. +TXT RRs from the Chaos class (id.server, hostname.bind, ...) supported. + +draft-forgery-resilience: all recommendations followed. +draft-0x20: experimental implementation (incomplete). + implements bitwise echo of the query to support downstream 0x20. +draft-ietf-dnsop-default-local-zones is fully supported (-04). + It is possible to block zones or return an address for localhost. + This is a very limited authoritative service. Defaults as in draft. +draft-ietf-dnsop-resolver-priming(-00): can prime and can fallback to + a safety belt list. +draft-ietf-dnsop-dnssec-trust-anchor(-01): DS records can be configured + as trust anchors. Also DNSKEYs are allowed, by the way. +draft-ietf-dnsop-reflectors-are-evil: access control list for recursive + service. In fact for all DNS service so cache snooping is halted. + +Record type syntax support, extensive, from lib ldns. +For these types only syntax and parsing support is needed. +RFC 1034-1035: basic RR types. +RFC 1183: RP, AFSDB, X25, ISDN, RT +RFC 1706: NSAP +RFC 2535: KEY, SIG, NXT: treated as unknown data, syntax is parsed (obsolete). +2163: PX +AAAA type +1876: LOC type +2782: SRV type +2915: NAPTR type. +2230: KX type. +2538: CERT type. +2672: DNAME type. +OPT type +3123: APL +SSHFP type +4025: IPSECKEY +4033-4035: DS, RRSIG, NSEC, DNSKEY +4701: DHCID +5155: NSEC3, NSEC3PARAM +4408: SPF + -- 2.47.2