Supported DNS Features

The Traffic Manager DNS Server is designed to conform to the majority of the DNS technical specifications contained in RFC 1034 and RFC 1035. This section lists the implemented features and exceptions.

Implemented Features from RFC 1034

The Traffic Manager DNS Server implements the following features:

•Authoritative server behavior.

•Domain name space database.

•Positive and negative answers (NODATA, NXDOMAIN, SERVFAIL, FORMAT ERROR, REFUSED, NOT_IMPLEMENTED).

•Delegations (also known as referrals).

•Class IN of the DNS database.

•The ANY record type.

•Wildcard DNS records (see also RFC 4592).

Implemented Features from RFC 1035

The Traffic Manager DNS Server implements the following features:

•Supported record types:

•A

•CNAME

•MX

•NS

•PTR

•SOA

•TXT

•Other supported record types:

•AAAA (see also RFC 3596)

•SRV (see also RFC 2782)

•Supported DNSSEC record types (see also RFC 4034):

•DNSKEY

•RRSIG

•DS

•NSEC

•NSEC3

•NSEC3PARAM

•DNS answers use message compression (see also RFC 1035, section 4.1.4).

•UDP and TCP are fully supported as transport protocols with IPv4 and IPv6.

•Zone text files (also known as "master files"), as defined in RFC 1035 section 5, are supported. The Traffic Manager can process the following aspects of zone files:

•Definition of resource records of supported types listed in this section

•The $TTL directive

•The $ORIGIN directive

•The use of parentheses and multiline record definitions

•The @ sign

•Comments placed after a semicolon (;)

•Reverse lookup using in-addr.arpa domain is supported, as in RFC 1035 section 3.5.

Exceptions for RFC 1034

The following features are not implemented or supported:

•Resource record classes CS, CH, and HS.

•Inverse queries (these queries are made obsolete by RFC 3425).

•Zone transfer.

•Status queries (experimental).

•Completion queries (obsolete).

Exceptions for RFC 1035

The following features are not implemented or supported:

•The $INCLUDE directive.

•The use of the backslash (\) operator to define a literal or control character. For example, "\." to place a dot character in a label.

•\DDD where each D is the octet digit corresponding to the decimal number described by DDD. The Traffic Manager assumes the resulting octet is text and does not check it for special meaning.

Other Implemented Features

The Traffic Manager DNS Server implements the following features:

•Case sensitivity is fully supported.

•RFC 2308, "Negative Caching of DNS Queries", is fully implemented.

•EDNS(0) is implemented, as per RFC 6891, "Extension Mechanisms for DNS". The Traffic Manager makes use of EDNS to handle UDP response sizes that are larger than 512 bytes. The Traffic Manager additionally uses the EDNS "DO" flag to determine whether incoming DNS questions indicate DNSSEC support, as per RFC 3225. No further EDNS features are supported.

•The DNSSEC protocol is supported, as defined in the following RFCs:

•RFC 4033, "DNS Security Introduction and Requirements"

•RFC 4034, "Resource Records for the DNS Security Extensions"

•RFC 4035, "Protocol Modifications for the DNS Security Extensions"

•RFC 5155, "DNS Security (DNSSEC) Hashed Authenticated Denial of Existence"

•For DNSSEC support, note that:

•The Traffic Manager is able to parse signed DNSSEC zone files.

•The Traffic Manager is able to answer with DNSSEC signed records in a standards-compliant manner.

•The Traffic Manager checks the expiry time on DNSSEC signatures in a zone file when the zone is associated with a virtual server, and periodically every hour thereafter. If a signature has expired, or expiry is due to occur within 7 days, the Traffic Manager generates an event through the Alerting system (see CHAPTER 21, "Event Handling and Alerts").

•RFC8659, "DNS Certification Authority Authorization (CAA) Resource Record", is supported.

Other Excluded Features

The following features are not implemented or supported:

•Classless delegation, as per RFC 2317, is not supported.

•RFC 3597, "Handling of Unknown DNS Resource Record (RR) Types", is not supported.

•For DNSSEC support, note that:

•The Traffic Manager does not provide tools to sign zone files.

•The Traffic Manager does not provide tools to manage the cryptographic keys lifecycle.