aboutsummaryrefslogtreecommitdiff
path: root/external/unbound/doc/FEATURES
diff options
context:
space:
mode:
Diffstat (limited to 'external/unbound/doc/FEATURES')
m---------external/unbound0
-rw-r--r--external/unbound/doc/FEATURES103
2 files changed, 0 insertions, 103 deletions
diff --git a/external/unbound b/external/unbound
new file mode 160000
+Subproject 193bdc4ee3fe2b0d17e547e86512528c2614483
diff --git a/external/unbound/doc/FEATURES b/external/unbound/doc/FEATURES
deleted file mode 100644
index 076988ea9..000000000
--- a/external/unbound/doc/FEATURES
+++ /dev/null
@@ -1,103 +0,0 @@
-Unbound Features
-
-(C) Copyright 2008, Wouter Wijngaards, NLnet Labs.
-
-
-This document describes the features and RFCs that unbound
-adheres to, and which ones are decided to be out of scope.
-
-
-Big Features
-------------
-Recursive service.
-Caching service.
-Forwarding and stub zones.
-Very limited authoritative service.
-DNSSEC Validation options.
-EDNS0, NSEC3, IPv6, DNAME, Unknown-RR-types.
-RSASHA256, GOST, ECDSA, SHA384 DNSSEC algorithms.
-
-Details
--------
-Processing support
-RFC 1034-1035: as a recursive, caching server. Not authoritative.
- including CNAMEs, referrals, wildcards, classes, ...
- AAAA type, and IP6 dual stack support.
- type ANY queries are supported, class ANY queries are supported.
-RFC 1123, 6.1 Requirements for DNS of internet hosts.
-RFC 4033-4035: as a validating caching server (unbound daemon).
- as a validating stub (libunbound).
-RFC 1918.
-RFC 1995, 1996, 2136: not authoritative, so no AXFR, IXFR, NOTIFY or
- dynamic update services are appropriate.
-RFC 2181: completely, including the trust model, keeping rrsets together.
-RFC 2308: TTL directive, and the rest of the RFC too.
-RFC 2671: EDNS0 support, default advertisement 4Kb size.
-RFC 2672: DNAME support.
-RFC 3597: Unknown RR type support.
-RFC 4343: case insensitive handling of domain names.
-RFC 4509: SHA256 DS hash.
-RFC 4592: wildcards.
-RFC 4697: No DNS Resolution Misbehavior.
-RFC 5011: update of trust anchors with timers.
-RFC 5155: NSEC3, NSEC3PARAM types
-RFC 5358: reflectors-are-evil: access control list for recursive
- service. In fact for all DNS service so cache snooping is halted.
-RFC 5452: forgery resilience. all recommendations followed.
-RFC 5702: RSASHA256 signature algorithm.
-RFC 5933: GOST signature algorithm.
-RFC 6303: default local zones.
- It is possible to block zones or return an address for localhost.
- This is a very limited authoritative service. Defaults as in draft.
-RFC 6604: xNAME RCODE and status bits.
-RFC 6605: ECDSA signature algorithm, SHA384 DS hash.
-
-chroot and drop-root-privileges support, default enabled in config file.
-
-AD bit in query can be used to request AD bit in response (w/o using DO bit).
-CD bit in query can be used to request bogus data.
-UDP and TCP service is provided downstream.
-UDP and TCP are used to request from upstream servers.
-SSL wrapped TCP service can be used upstream and provided downstream.
-Multiple queries can be made over a TCP stream.
-
-No TSIG support at this time.
-No SIG0 support at this time.
-No dTLS support at this time.
-This is not a DNS statistics package, but some operationally useful
-values are provided via unbound-control stats.
-TXT RRs from the Chaos class (id.server, hostname.bind, ...) are supported.
-
-draft-0x20: implemented, use caps-for-id option to enable use.
- Also implements bitwise echo of the query to support downstream 0x20.
-draft-ietf-dnsop-resolver-priming(-00): can prime and can fallback to
- a safety belt list.
-draft-ietf-dnsop-dnssec-trust-anchor(-01): DS records can be configured
- as trust anchors. Also DNSKEYs are allowed, by the way.
-draft-ietf-dnsext-dnssec-bis-updates: supported.
-
-Record type syntax support, extensive, from lib ldns.
-For these types only syntax and parsing support is needed.
-RFC 1034-1035: basic RR types.
-RFC 1183: RP, AFSDB, X25, ISDN, RT
-RFC 1706: NSAP
-RFC 2535: KEY, SIG, NXT: treated as unknown data, syntax is parsed (obsolete).
-2163: PX
-AAAA type
-1876: LOC type
-2782: SRV type
-2915: NAPTR type.
-2230: KX type.
-2538: CERT type.
-2672: DNAME type.
-OPT type
-3123: APL
-3596: AAAA
-SSHFP type
-4025: IPSECKEY
-4033-4035: DS, RRSIG, NSEC, DNSKEY
-4701: DHCID
-5155: NSEC3, NSEC3PARAM
-4408: SPF
-6944: DNSKEY algorithm status
-