Compliance table

The following table describes the (minimal) compliance of PowerDNS products with various important standards.

If you miss a standard that is important to you, please contact us.

RFC 1034Domain names - concepts and facilities
RFC 1035Domain names - implementation and specification
RFC 1464Using the Domain Name System To Store Arbitrary String Attributes
RFC 1876 (Auth)A Means for Expressing Location Information in the Domain Name System
RFC 1982 (Auth)Serial Number Arithmetic
RFC 1995 (Downstream)Incremental Zone Transfer in DNS
RFC 1996A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
RFC 2136Dynamic Updates in the Domain Name System (DNS UPDATE)
RFC 2181Clarifications to the DNS Specification
RFC 2230Key Exchange Delegation Record for the DNS
RFC 2308Negative Caching of DNS Queries (DNS NCACHE)
RFC 2536DSA KEYs and SIGs in the Domain Name System (DNS)
RFC 2538Storing Certificates in the Domain Name System (DNS)
RFC 2539Storage of Diffie-Hellman Keys in the Domain Name System (DNS)
RFC 2671Extension Mechanisms for DNS (EDNS0)
RFC 2782A DNS RR for specifying the location of services (DNS SRV)
RFC 2845Secret Key Transaction Authentication for DNS (TSIG)
RFC 2930Secret Key Establishment for DNS (TKEY RR)
RFC 3007Secure Domain Name System (DNS) Dynamic Update (TSIG only)
RFC 3225Indicating Resolver Support of DNSSEC
RFC 3403Dynamic Delegation Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database
RFC 3596DNS Extensions to Support IP Version 6
RFC 3597Handling of Unknown DNS Resource Record (RR) Types
RFC 3658Delegation Signer (DS) Resource Record (RR)
RFC 4025A Method for Storing IPsec Keying Material in DNS
RFC 4033DNS Security Introduction and Requirements
RFC 4034Resource Records for the DNS Security Extensions
RFC 4035Protocol Modifications for the DNS Security Extensions
RFC 4255Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
RFC 4343Domain Name System (DNS) Case Insensitivity Clarification
RFC 4398Storing Certificates in the Domain Name System (DNS)
RFC 4509Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)
RFC 4592The Role of Wildcards in the Domain Name System
RFC 4701A DNS Resource Record (RR) for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR)
RFC 4892Requirements for a Mechanism Identifying a Name Server Instance
RFC 5001DNS Name Server Identifier (NSID) Option
RFC 5155DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
RFC 5452Measures for Making DNS More Resilient against Forged Answers
RFC 5702Use of SHA-2 Algorithms with RSA in DNSKEY and RRSIG Resource Records for DNSSEC
RFC 5933Use of GOST Signature Algorithms in DNSKEY and RRSIG Resource Records for DNSSEC
RFC 6594Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records
RFC 6605Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC
RFC 6698The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA
RFC 6840Clarifications and Implementation Notes for DNS Security (DNSSEC)
RFC 7218Adding Acronyms to Simplify Conversations about DNS-Based Authentication of Named Entities (DANE)
RFC 7344 (publication)Automating DNSSEC Delegation Trust Maintenance
RFC 7479Using Ed25519 in SSHFP Resource Records
RFC 7646Definition and Use of DNSSEC Negative Trust Anchors
RFC 7671The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance
RFC 7871Client Subnet in DNS Queries