2. Overview of the DNS Extensions

The Domain Name System (DNS) protocol security extensions provide three distinct services: key distribution as described in Section 2.2 below, data origin authentication as described in Section 2.3 below, and transaction and request authentication, described in Section 2.4 below.

Special considerations related to "time to live", CNAMEs, and delegation points are also discussed in Section 2.3.

• 2.1 Services Not Provided
• 2.2 Key Distribution
• 2.3 Data Origin Authentication and Integrity
  • 2.3.1 The SIG Resource Record
  • 2.3.2 Authenticating Name and Type Non-existence
  • 2.3.3 Special Considerations With Time-to-Live
  • 2.3.4 Special Considerations at Delegation Points
  • 2.3.5 Special Considerations with CNAME RRs
  • 2.3.6 Signers Other Than The Zone
• 2.4 DNS Transaction and Request Authentication