Compliance table
The following table describes the (minimal) compliance of PowerDNS products with various important standards.
If you miss a standard that is important to you, please contact us.
Domain names - concepts and facilities |
|
Domain names - implementation and specification |
|
Using the Domain Name System To Store Arbitrary String Attributes |
|
RFC 1876 (Auth) |
A Means for Expressing Location Information in the Domain Name System |
RFC 1982 (Auth) |
Serial Number Arithmetic |
RFC 1995 (Downstream) |
Incremental Zone Transfer in DNS |
A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY) |
|
Dynamic Updates in the Domain Name System (DNS UPDATE) |
|
Clarifications to the DNS Specification |
|
Key Exchange Delegation Record for the DNS |
|
Negative Caching of DNS Queries (DNS NCACHE) |
|
DSA KEYs and SIGs in the Domain Name System (DNS) |
|
Storing Certificates in the Domain Name System (DNS) |
|
Storage of Diffie-Hellman Keys in the Domain Name System (DNS) |
|
Extension Mechanisms for DNS (EDNS0) |
|
A DNS RR for specifying the location of services (DNS SRV) |
|
Secret Key Transaction Authentication for DNS (TSIG) |
|
Secret Key Establishment for DNS (TKEY RR) |
|
Secure Domain Name System (DNS) Dynamic Update (TSIG only) |
|
Indicating Resolver Support of DNSSEC |
|
Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database |
|
DNS Extensions to Support IP Version 6 |
|
Handling of Unknown DNS Resource Record (RR) Types |
|
Delegation Signer (DS) Resource Record (RR) |
|
A Method for Storing IPsec Keying Material in DNS |
|
DNS Security Introduction and Requirements |
|
Resource Records for the DNS Security Extensions |
|
Protocol Modifications for the DNS Security Extensions |
|
Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints |
|
Domain Name System (DNS) Case Insensitivity Clarification |
|
Storing Certificates in the Domain Name System (DNS) |
|
Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs) |
|
The Role of Wildcards in the Domain Name System |
|
A DNS Resource Record (RR) for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR) |
|
Requirements for a Mechanism Identifying a Name Server Instance |
|
DNS Name Server Identifier (NSID) Option |
|
DNS Security (DNSSEC) Hashed Authenticated Denial of Existence |
|
Measures for Making DNS More Resilient against Forged Answers |
|
Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC |
|
Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC |
|
Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records |
|
Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC |
|
The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA |
|
Clarifications and Implementation Notes for DNS Security (DNSSEC) |
|
Extension Mechanisms for DNS (EDNS(0)) |
|
Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE) |
|
RFC 7344 (publication) |
Automating DNSSEC Delegation Trust Maintenance |
Using Ed25519 in SSHFP Resource Records |
|
Definition and Use of DNSSEC Negative Trust Anchors |
|
The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance |
|
Client Subnet in DNS Queries |
|
NXDOMAIN: There Really Is Nothing Underneath |
|
RFC 8078 (publication) |
Managing DS Records from the Parent via CDS/CDNSKEY |
Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC |
|
Aggressive Use of DNSSEC-Validated Cache |
|
DNS Queries over HTTPS (DoH) |
|
Algorithm Implementation Requirements and Usage Guidance for DNSSEC |