Two levels of resolver compliance are defined:
A fully compliant resolver (1) understands KEY, SIG, and NXT RRs, (2) maintains appropriate information in its local caches and database to indicate which RRs have been authenticated and to what extent they have been authenticated, (3) performs additional queries as necessary to attempt to obtain KEY, SIG, or NXT RRs from non-security aware servers, (4) normally sets the CD query header bit on its queries.