RFC Compliance¶
Unbound strives to be a reference implementation for emerging standards in the Internet Engineering Task Force (IETF). The aim is to implement well-established Internet Drafts as a compile option and drafts in the final stage of open community review as an optional feature, that is disabled by default. Accepted RFCs are implemented in Unbound according to the described standard.
The following table provides an extensive overview of all the RFC standards and Internet drafts that have been implemented in Unbound.
Domain Names – Concepts and Facilities |
|
Domain Names – Implementation and Specification |
|
DNS Encoding of Network Names and Other Types |
|
Requirements for Internet Hosts – Application and Support |
|
New DNS RR Definitions |
|
TIME-WAIT Assassination Hazards in TCP |
|
MIME (Multipurpose Internet Mail Extensions) Part One: Mechanisms for Specifying and Describing the Format of Internet Message Bodies |
|
DNS NSAP Resource Records |
|
DNS Encoding of Geographical Location |
|
A Means for Expressing Location Information in the Domain Name System |
|
Serial Number Arithmetic |
|
Incremental Zone Transfer in DNS |
|
A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY) |
|
Using the Internet DNS to Distribute MIXER Conformant Global Address Mapping (MCGAM) |
|
Clarifications to the DNS Specification |
|
Selection and Operation of Secondary DNS Servers |
|
Key Exchange Delegation Record for the DNS |
|
Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names |
|
Negative Caching of DNS Queries (DNS NCACHE) |
|
Domain Name System Security Extensions |
|
DSA KEYs and SIGs in the Domain Name System (DNS) |
|
RSA/MD5 KEYs and SIGs in the Domain Name System (DNS) |
|
Storing Certificates in the Domain Name System (DNS) |
|
Storage of Diffie-Hellman Keys in the Domain Name System (DNS) |
|
Reserved Top Level DNS Names |
|
Extension Mechanisms for DNS (EDNS0) |
|
Non-Terminal DNS Name Redirection |
|
Binary Labels in the Domain Name System |
|
A DNS RR for specifying the location of services (DNS SRV) |
|
DNS Extensions to Support IPv6 Address Aggregation and Renumbering |
|
The Naming Authority Pointer (NAPTR) DNS Resource Record |
|
Secret Key Establishment for DNS (TKEY RR) |
|
RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS) |
|
A DNS RR Type for Lists of Address Prefixes (APL RR) |
|
Indicating Resolver Support of DNSSEC |
|
More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) |
|
Handling of Unknown DNS Resource Record (RR) Types |
|
X.509 Extensions for IP Addresses and AS Identifiers |
|
IPv6 Scoped Address Architecture |
|
A Method for Storing IPsec Keying Material in DNS |
|
DNS Security Introduction and Requirements |
|
Resource Records for the DNS Security Extensions |
|
Protocol Modifications for the DNS Security Extensions |
|
Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints |
|
Domain Name System (DNS) Case Insensitivity Clarification |
|
Storing Certificates in the Domain Name System (DNS) |
|
The DNSSEC Lookaside Validation (DLV) DNS Resource Record |
|
Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) |
|
The Role of Wildcards in the Domain Name System |
|
Conferencing Scenarios |
|
Observed DNS Resolution Misbehavior |
|
A DNS Resource Record (RR) for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR) |
|
DNS Name Server Identifier (NSID) Option |
|
Automated Updates of DNS Security (DNSSEC) Trust Anchors |
|
Additional Diffie-Hellman Groups for Use with IETF Standards |
|
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence |
|
Host Identity Protocol (HIP) Domain Name System (DNS) Extension |
|
Preventing Use of Recursive Nameservers in Reflector Attacks |
|
Measures for Making DNS More Resilient against Forged Answers |
|
Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC |
|
Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC |
|
DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers |
|
US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF) |
|
Locally Served DNS Zones |
|
IANA-Reserved IPv4 Prefix for Shared Address Space |
|
xNAME RCODE and Status Bits Clarification |
|
Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC |
|
DNAME Redirection in the DNS |
|
The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA |
|
DNS Security (DNSSEC) DNSKEY Algorithm IANA Registry Updates |
|
DNS Resource Records for the Identifier-Locator Network Protocol (ILNP) |
|
Special-Use Domain Names |
|
Clarifications and Implementation Notes for DNS Security (DNSSEC) |
|
DNS Certification Authority Authorization (CAA) Resource Record |
|
Extension Mechanisms for DNS (EDNS(0)) |
|
Signaling Cryptographic Algorithm Understanding in DNS Security Extensions (DNSSEC) |
|
Resource Records for EUI-48 and EUI-64 Addresses in the DNS |
|
Automating DNSSEC Delegation Trust Maintenance |
|
TCP Fast Open |
|
Child-to-Parent Synchronization in DNS |
|
The Uniform Resource Identifier (URI) DNS Resource Record |
|
Definition and Use of DNSSEC Negative Trust Anchors |
|
The “.onion” Special-Use Domain Name |
|
Decreasing Access Time to Root Servers by Running One on Loopback |
|
The EDNS(0) Padding Option |
|
Specification for DNS over Transport Layer Security (TLS) |
|
Client Subnet in DNS Queries |
|
DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP |
|
DNSSEC Trust Anchor Publication for the Root Zone |
|
NXDOMAIN: There Really Is Nothing Underneath |
|
Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC |
|
Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC) |
|
Using Secure DNS to Associate Certificates with Domain Names for S/MIME |
|
Aggressive Use of DNSSEC-Validated Cache |
|
Usage Profiles for DNS over TLS and DNS over DTLS |
|
Special-Use Domain ‘home.arpa.’ |
|
Padding Policies for Extension Mechanisms for DNS (EDNS(0)) |
|
Providing Minimal-Sized Responses to DNS Queries That Have QTYPE=ANY |
|
DNS Queries over HTTPS (DoH) |
|
A Root Key Trust Anchor Sentinel for DNSSEC |
|
Algorithm Implementation Requirements and Usage Guidance for DNSSEC |
|
Serving Stale Data to Improve DNS Resiliency |
|
Running a Root Server Local to a Resolver |
|
Extended DNS Errors |
|
Message Digest for DNS Zones |
|
DNS Query Name Minimisation to Improve Privacy |