Unbound Features

(C) Copyright 2008, Wouter Wijngaards, NLnet Labs.


This document describes the features and RFCs that unbound
adheres to, and which ones are decided to be out of scope.


Big Features
------------
Recursive service.
Caching service.
Forwarding and stub zones.
Very limited authoritative service.
DNSSEC Validation options.
EDNS0, NSEC3, IPv6, DNAME, Unknown-RR-types.
RSASHA256, GOST, ECDSA, SHA384 DNSSEC algorithms.

Details
-------
Processing support
RFC 1034-1035: as a recursive, caching server. Not authoritative.
  including CNAMEs, referrals, wildcards, classes, ...
  AAAA type, and IP6 dual stack support.
  type ANY queries are supported, class ANY queries are supported.
RFC 1123, 6.1 Requirements for DNS of internet hosts.
RFC 4033-4035: as a validating caching server (unbound daemon).
  as a validating stub (libunbound).
RFC 1918.
RFC 1995, 1996, 2136: not authoritative, so no AXFR, IXFR, NOTIFY or
  dynamic update services are appropriate.
RFC 2181: completely, including the trust model, keeping rrsets together.
RFC 2308: TTL directive, and the rest of the RFC too.
RFC 2671: EDNS0 support, default advertisement 4Kb size.
RFC 2672: DNAME support.
RFC 3597: Unknown RR type support.
RFC 4343: case insensitive handling of domain names.
RFC 4509: SHA256 DS hash.
RFC 4592: wildcards.
RFC 4697: No DNS Resolution Misbehavior.
RFC 5001: DNS Name Server Identifier (NSID) Option
RFC 5011: update of trust anchors with timers.
RFC 5155: NSEC3, NSEC3PARAM types
RFC 5358: reflectors-are-evil: access control list for recursive
  service. In fact for all DNS service so cache snooping is halted.
RFC 5452: forgery resilience. all recommendations followed.
RFC 5702: RSASHA256 signature algorithm.
RFC 5933: GOST signature algorithm.
RFC 6303: default local zones.
  It is possible to block zones or return an address for localhost.
  This is a very limited authoritative service. Defaults as in draft.
RFC 6604: xNAME RCODE and status bits.
RFC 6605: ECDSA signature algorithm, SHA384 DS hash.

chroot and drop-root-privileges support, default enabled in config file.

AD bit in query can be used to request AD bit in response (w/o using DO bit).
CD bit in query can be used to request bogus data.
UDP and TCP service is provided downstream.
  UDP and TCP are used to request from upstream servers.
SSL wrapped TCP service can be used upstream and provided downstream.
Multiple queries can be made over a TCP stream.

No TSIG support at this time.
No SIG0 support at this time.
No dTLS support at this time.
This is not a DNS statistics package, but some operationally useful
values are provided via unbound-control stats.
TXT RRs from the Chaos class (id.server, hostname.bind, ...) are supported.

draft-0x20: implemented, use caps-for-id option to enable use.
  Also implements bitwise echo of the query to support downstream 0x20.
draft-ietf-dnsop-resolver-priming(-00): can prime and can fallback to
  a safety belt list.
draft-ietf-dnsop-dnssec-trust-anchor(-01): DS records can be configured
  as trust anchors. Also DNSKEYs are allowed, by the way.
draft-ietf-dnsext-dnssec-bis-updates: supported.

Record type syntax support, extensive, from lib ldns.
For these types only syntax and parsing support is needed.
RFC 1034-1035: basic RR types.
RFC 1183: RP, AFSDB, X25, ISDN, RT
RFC 1706: NSAP
RFC 2535: KEY, SIG, NXT: treated as unknown data, syntax is parsed (obsolete).
2163: PX
AAAA type
1876: LOC type
2782: SRV type
2915: NAPTR type.
2230: KX type.
2538: CERT type.
2672: DNAME type.
OPT type
3123: APL
3596: AAAA
SSHFP type
4025: IPSECKEY
4033-4035: DS, RRSIG, NSEC, DNSKEY
4701: DHCID
5155: NSEC3, NSEC3PARAM
4408: SPF
6944: DNSKEY algorithm status