The Domain Name System (DNS) protocol security extensions provide three distinct services: key distribution as described in Section 2.2 below, data origin authentication as described in Section 2.3 below, and transaction and request authentication, described in Section 2.4 below.
Special considerations related to "time to live", CNAMEs, and delegation points are also discussed in Section 2.3.