Hi,
Trying to avoid FUD by providing some stats :
I've tested compliance with unknown types in known class. I tested for
both serving and resolving capabilities.
What I did not do:
1) test for proper QTYPE=*, QNAME=* or QCLASS=* handling.(I queried for
specific type in the 'IN' class with a specific non-wildcard name).
2) proper error handling in case of noncompliance. (old imps return a
wide variety of errors, if they return response at all).
3) I did not check proper presentation format in debugging tools like
DiG, DoC, NSLOOKUP, etc.
4) I did not check the availability, let alone compliance of
getrrsetbyname() in OS species.
What I did do:
I considered implementations that return an existing 'unknown' TYPE
when queried with the same 'unknown' QTYPE compliant. To avoid false
negatives I've queried every instance for a known type as well. In
effect, this test was specifically for RFC 3597 sec 3 'Transparency'.
The bulk of popular (**) implementations are compliant:
COMPLIANT:
BIND 8 (>= version 8.3.0)
BIND 9 (>= version 9.1.0)
Microsoft NT DNS
Microsoft server 2000
Microsoft server 2003
Nominum ANS
Nominum CNS
TinyDNS
NSD (>= version 2.0.1)
PowerDNS (>= version 2.9.11)
MaraDNS [recursive only]
totd
dnscache
Net::DNS (>= version 0.44)
NOT COMPLIANT:
BIND 4
BIND 8 (< version 8.3.0)
BIND 9 (< version 9.1.0)
NSD (< version 2.0.1)
PowerDNS (< version 2.9.11)
Net::DNS (< version 0.44)
MaraDNS [authoritative only]
NonSequitur DNS
Incognito DNS commander
MyDNS
Oak DNS
Posadis
QuickDNS
pdnsd
Simple DNS plus
NOT TESTED:
VGRS ATLAS
eNom DNS
References:
http://www.rfc.se/fpdns
http://www.ietf.org/rfc/rfc3597.txt
(**)
If you're interested in extrapolating the above results into actual
deployment, please enjoy implementation surveys by:
Peter Koch:
http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-survey.pdf
Dan Bernstein:
http://cr.yp.to/surveys/dns1.html
If you want to test your own servers' compliance:
http://www.rfc.se/interop3597/