On 5/18/2004 10:13 AM, roy(_at_)dnss(_dot_)ec sent forth electrons to convey:
Hi,
Trying to avoid FUD by providing some stats :
Thanks!
COMPLIANT:
BIND 8 (>= version 8.3.0)
BIND 9 (>= version 9.1.0)
Microsoft NT DNS
Microsoft server 2000
Microsoft server 2003
Nominum ANS
Nominum CNS
TinyDNS
NSD (>= version 2.0.1)
PowerDNS (>= version 2.9.11)
MaraDNS [recursive only]
totd
dnscache
Net::DNS (>= version 0.44)
NOT COMPLIANT:
BIND 4
BIND 8 (< version 8.3.0)
BIND 9 (< version 9.1.0)
NSD (< version 2.0.1)
PowerDNS (< version 2.9.11)
Net::DNS (< version 0.44)
MaraDNS [authoritative only]
NonSequitur DNS
Incognito DNS commander
MyDNS
Oak DNS
Posadis
QuickDNS
pdnsd
Simple DNS plus
It would be good to know which of these have known remote root
compromise security holes for which patches aren't available.
IMO anyone running such a beast has no business complaining if we move
to a new record type and they have to upgrade.
NOT TESTED:
VGRS ATLAS
eNom DNS
OTOH:
Of all the registrars who provide DNS bundled with domain registration,
I know of none that would support a new record type, and a few that won't.
They may be running the latest BIND, but if their UI doesn't allow access...
ZoneEdit: TXT: SUPPORTED, new record type: NOT SUPPORTED.
GoDaddy: TXT: NOT SUPPORTED, new record type: NOT SUPPORTED.
DynDNS:?
UltraDNS:?
References:
http://www.rfc.se/fpdns
http://www.ietf.org/rfc/rfc3597.txt
(**)
If you're interested in extrapolating the above results into actual
deployment, please enjoy implementation surveys by:
Peter Koch:
http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-survey.pdf
Dan Bernstein:
http://cr.yp.to/surveys/dns1.html
If you want to test your own servers' compliance:
http://www.rfc.se/interop3597/