head	1.3;
access;
symbols
	RELENG_8_4:1.3.0.2
	RELENG_9_1_0_RELEASE:1.2.2.1
	RELENG_9_1:1.2.2.1.0.2
	RELENG_9_1_BP:1.2.2.1
	RELENG_8_3_0_RELEASE:1.1.1.2.10.1
	RELENG_8_3:1.1.1.2.10.1.0.2
	RELENG_8_3_BP:1.1.1.2.10.1
	RELENG_9_0_0_RELEASE:1.2
	RELENG_9_0:1.2.0.4
	RELENG_9_0_BP:1.2
	RELENG_9:1.2.0.2
	RELENG_9_BP:1.2
	RELENG_7_4_0_RELEASE:1.1.1.2
	RELENG_8_2_0_RELEASE:1.1.1.2
	RELENG_7_4:1.1.1.2.0.20
	RELENG_7_4_BP:1.1.1.2
	RELENG_8_2:1.1.1.2.0.18
	RELENG_8_2_BP:1.1.1.2
	RELENG_8_1_0_RELEASE:1.1.1.2
	RELENG_8_1:1.1.1.2.0.16
	RELENG_8_1_BP:1.1.1.2
	RELENG_7_3_0_RELEASE:1.1.1.2
	RELENG_7_3:1.1.1.2.0.14
	RELENG_7_3_BP:1.1.1.2
	RELENG_8_0_0_RELEASE:1.1.1.2
	RELENG_8_0:1.1.1.2.0.12
	RELENG_8_0_BP:1.1.1.2
	RELENG_8:1.1.1.2.0.10
	RELENG_8_BP:1.1.1.2
	RELENG_7_2_0_RELEASE:1.1.1.2
	RELENG_7_2:1.1.1.2.0.8
	RELENG_7_2_BP:1.1.1.2
	RELENG_7_1_0_RELEASE:1.1.1.2
	RELENG_6_4_0_RELEASE:1.1.1.1
	RELENG_7_1:1.1.1.2.0.6
	RELENG_7_1_BP:1.1.1.2
	RELENG_6_4:1.1.1.1.0.14
	RELENG_6_4_BP:1.1.1.1
	RELENG_7_0_0_RELEASE:1.1.1.2
	RELENG_6_3_0_RELEASE:1.1.1.1
	RELENG_7_0:1.1.1.2.0.4
	RELENG_7_0_BP:1.1.1.2
	BIND_9_4_2:1.1.1.2
	RELENG_6_3:1.1.1.1.0.12
	RELENG_6_3_BP:1.1.1.1
	RELENG_7:1.1.1.2.0.2
	RELENG_7_BP:1.1.1.2
	BIND_9_4_1_P1:1.1.1.2
	BIND_9_4_1:1.1.1.2
	BIND_9_3_4:1.1.1.1
	RELENG_6_2_0_RELEASE:1.1.1.1
	BIND_9_3_3:1.1.1.1
	RELENG_6_2:1.1.1.1.0.10
	RELENG_6_2_BP:1.1.1.1
	RELENG_5_5_0_RELEASE:1.1.1.1.2.1
	RELENG_5_5:1.1.1.1.2.1.0.6
	RELENG_5_5_BP:1.1.1.1.2.1
	RELENG_6_1_0_RELEASE:1.1.1.1
	RELENG_6_1:1.1.1.1.0.8
	RELENG_6_1_BP:1.1.1.1
	BIND_9_3_2:1.1.1.1
	RELENG_6_0_0_RELEASE:1.1.1.1
	RELENG_6_0:1.1.1.1.0.6
	RELENG_6_0_BP:1.1.1.1
	RELENG_6:1.1.1.1.0.4
	RELENG_6_BP:1.1.1.1
	RELENG_5_4_0_RELEASE:1.1.1.1.2.1
	RELENG_5_4:1.1.1.1.2.1.0.4
	RELENG_5_4_BP:1.1.1.1.2.1
	BIND_9_3_1:1.1.1.1
	RELENG_5_3_0_RELEASE:1.1.1.1.2.1
	RELENG_5_3:1.1.1.1.2.1.0.2
	RELENG_5_3_BP:1.1.1.1.2.1
	RELENG_5:1.1.1.1.0.2
	BIND_9_3_0:1.1.1.1
	BIND_9_3_0_RC4:1.1.1.1
	ISC:1.1.1;
locks; strict;
comment	@# @;


1.3
date	2012.04.05.04.29.35;	author dougb;	state Exp;
branches
	1.3.2.1;
next	1.2;

1.2
date	2011.05.28.00.21.28;	author dougb;	state Exp;
branches
	1.2.2.1;
next	1.1;

1.1
date	2004.09.19.01.30.08;	author trhodes;	state Exp;
branches
	1.1.1.1;
next	;

1.3.2.1
date	2012.04.05.04.29.35;	author svnexp;	state dead;
branches;
next	1.3.2.2;

1.3.2.2
date	2013.03.28.13.00.21;	author svnexp;	state Exp;
branches;
next	;

1.2.2.1
date	2012.04.08.01.43.41;	author dougb;	state Exp;
branches;
next	;

1.1.1.1
date	2004.09.19.01.30.08;	author trhodes;	state Exp;
branches
	1.1.1.1.2.1;
next	1.1.1.2;

1.1.1.2
date	2007.06.02.23.21.18;	author dougb;	state Exp;
branches
	1.1.1.2.2.1
	1.1.1.2.10.1;
next	;

1.1.1.1.2.1
date	2004.09.26.03.09.39;	author des;	state Exp;
branches;
next	;

1.1.1.2.2.1
date	2011.05.28.00.58.19;	author dougb;	state Exp;
branches;
next	;

1.1.1.2.10.1
date	2011.05.28.00.33.06;	author dougb;	state Exp;
branches;
next	1.1.1.2.10.2;

1.1.1.2.10.2
date	2012.04.05.04.31.17;	author dougb;	state Exp;
branches;
next	;


desc
@@


1.3
log
@SVN rev 233914 on 2012-04-05 04:29:35Z by dougb

Update to version 9.8.2, the latest from ISC, which contains numerous bug fixes.
@
text
@Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001  Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

$Id: rfc-compliance,v 1.4 2004/03/05 05:04:53 marka Exp $

BIND 9 is striving for strict compliance with IETF standards.  We
believe this release of BIND 9 complies with the following RFCs, with
the caveats and exceptions listed in the numbered notes below.  Note
that a number of these RFCs do not have the status of Internet
standards but are proposed or draft standards, experimental RFCs, 
or Best Current Practice (BCP) documents.

  RFC1034
  RFC1035 [1] [2]
  RFC1123
  RFC1183
  RFC1535
  RFC1536
  RFC1706
  RFC1712
  RFC1750
  RFC1876
  RFC1982
  RFC1995
  RFC1996
  RFC2136
  RFC2163
  RFC2181
  RFC2230
  RFC2308
  RFC2535 [3] [4]
  RFC2536
  RFC2537
  RFC2538
  RFC2539
  RFC2671
  RFC2672
  RFC2673
  RFC2782
  RFC2915
  RFC2930
  RFC2931 [5]
  RFC3007


[1] Queries to zones that have failed to load return SERVFAIL rather
than a non-authoritative response.  This is considered a feature.

[2] CLASS ANY queries are not supported.  This is considered a feature.

[3] Wildcard records are not supported in DNSSEC secure zones.

[4] Servers authoritative for secure zones being resolved by BIND 9
must support EDNS0 (RFC2671), and must return all relevant SIGs and
NXTs in responses rather than relying on the resolving server to
perform separate queries for missing SIGs and NXTs.

[5] When receiving a query signed with a SIG(0), the server will only
be able to verify the signature if it has the key in its local
authoritative data; it will not do recursion or validation to
retrieve unknown keys.
@


1.3.2.1
log
@file rfc-compliance was added on branch RELENG_8_4 on 2013-03-28 13:00:21 +0000
@
text
@d1 62
@


1.3.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 62
Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001  Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

$Id: rfc-compliance,v 1.4 2004/03/05 05:04:53 marka Exp $

BIND 9 is striving for strict compliance with IETF standards.  We
believe this release of BIND 9 complies with the following RFCs, with
the caveats and exceptions listed in the numbered notes below.  Note
that a number of these RFCs do not have the status of Internet
standards but are proposed or draft standards, experimental RFCs, 
or Best Current Practice (BCP) documents.

  RFC1034
  RFC1035 [1] [2]
  RFC1123
  RFC1183
  RFC1535
  RFC1536
  RFC1706
  RFC1712
  RFC1750
  RFC1876
  RFC1982
  RFC1995
  RFC1996
  RFC2136
  RFC2163
  RFC2181
  RFC2230
  RFC2308
  RFC2535 [3] [4]
  RFC2536
  RFC2537
  RFC2538
  RFC2539
  RFC2671
  RFC2672
  RFC2673
  RFC2782
  RFC2915
  RFC2930
  RFC2931 [5]
  RFC3007


[1] Queries to zones that have failed to load return SERVFAIL rather
than a non-authoritative response.  This is considered a feature.

[2] CLASS ANY queries are not supported.  This is considered a feature.

[3] Wildcard records are not supported in DNSSEC secure zones.

[4] Servers authoritative for secure zones being resolved by BIND 9
must support EDNS0 (RFC2671), and must return all relevant SIGs and
NXTs in responses rather than relying on the resolving server to
perform separate queries for missing SIGs and NXTs.

[5] When receiving a query signed with a SIG(0), the server will only
be able to verify the signature if it has the key in its local
authoritative data; it will not do recursion or validation to
retrieve unknown keys.
@


1.2
log
@SVN rev 222395 on 2011-05-28 00:21:28Z by dougb

Upgrade to 9.6-ESV-R4-P1, which address the following issues:

1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.

This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.

2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.

Add a patch provided by ru@@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
@
text
@d5 1
a5 1
$Id: rfc-compliance,v 1.4 2004-03-05 05:04:53 marka Exp $
@


1.2.2.1
log
@SVN rev 234010 on 2012-04-08 01:43:41Z by dougb

MFC r233909:

Add Bv9ARM.pdf to the list of docs to install.

MFV/MFC r233914:

Update to version 9.8.2, the latest from ISC, which contains numerous bug fixes.
@
text
@d5 1
a5 1
$Id: rfc-compliance,v 1.4 2004/03/05 05:04:53 marka Exp $
@


1.1
log
@Initial revision
@
text
@d5 1
a5 1
$Id: rfc-compliance,v 1.3.206.1 2004/03/06 13:16:20 marka Exp $
@


1.1.1.1
log
@Vender import of BIND 9.3.0rc4.
@
text
@@


1.1.1.2
log
@Vendor import of BIND 9.4.1
@
text
@d5 1
a5 1
$Id: rfc-compliance,v 1.4 2004/03/05 05:04:53 marka Exp $
@


1.1.1.2.2.1
log
@SVN rev 222399 on 2011-05-28 00:58:19Z by dougb

Upgrade to 9.4-ESV-R4-P1, which addresses the following issues:

1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.

This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.

2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.
@
text
@d5 1
a5 1
$Id: rfc-compliance,v 1.4 2004-03-05 05:04:53 marka Exp $
@


1.1.1.2.10.1
log
@SVN rev 222396 on 2011-05-28 00:33:06Z by dougb

Upgrade to 9.6-ESV-R4-P1, which address the following issues:

1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.

This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.

2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.

Add a patch provided by ru@@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.
@
text
@d5 1
a5 1
$Id: rfc-compliance,v 1.4 2004-03-05 05:04:53 marka Exp $
@


1.1.1.2.10.2
log
@SVN rev 233915 on 2012-04-05 04:31:17Z by dougb

Update to version 9.6-ESV-R6, the latest from ISC, which contains numerous
bug fixes.
@
text
@d5 1
a5 1
$Id: rfc-compliance,v 1.4 2004/03/05 05:04:53 marka Exp $
@


1.1.1.1.2.1
log
@MFC: BIND 9 and related bits.

Approved by:	re
@
text
@@

