Connected: An Internet Encyclopedia
2.3.2 Authenticating Name and Type Non-existence
RFC 2065
The above security mechanism provides only a way to sign existing RRs
in a zone. "Data origin" authentication is not obviously provided
for the non-existence of a domain name in a zone or the non-existence
of a type for an existing name. This gap is filled by the NXT RR
which authenticatably asserts a range of non-existent names in a zone
and the non-existence of types for the name just before that range.
Section 5 below covers the NXT RR.
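
A resolver-side check of what one NXT RR denies, as an added example that is not part of RFC 2065. It assumes the NXT RR's SIG has already been verified, models the type bit map as a set of mnemonics, and assumes canonical ordering compares lowercased labels from the rightmost label, with the zone's last NXT pointing back to the zone name; the function names and the example.com records are constructed for illustration.

```python
# Added example: models only the NXT range/type logic; SIG checking is assumed done.

def canonical_key(name):
    """Sort key: lowercased labels, rightmost label first (assumed canonical order)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return tuple(reversed(labels))

def in_zone(name, zone):
    """True if name is the zone name or lies below it."""
    k, z = canonical_key(name), canonical_key(zone)
    return k[:len(z)] == z

def nxt_denies(nxt, zone, qname, qtype):
    """Return 'NAME' if the NXT proves qname does not exist, 'TYPE' if it proves
    qname exists without qtype, or None if this NXT proves nothing for the query.
    nxt is (owner, next_name, types) taken from an already-authenticated NXT RR."""
    owner, next_name, types = nxt
    if not (in_zone(qname, zone) and in_zone(owner, zone)):
        return None                      # an NXT says nothing about other zones
    q, o, n = canonical_key(qname), canonical_key(owner), canonical_key(next_name)
    if q == o:
        # The name exists; only types missing from the NXT's type set are denied.
        return None if qtype.upper() in types else "TYPE"
    if o < n:
        covered = o < q < n              # ordinary gap between two existing names
    else:
        covered = q > o                  # last NXT: next name wraps to the zone name
    return "NAME" if covered else None

# Constructed sample records for a zone holding: example.com, a, mail, www
ZONE = "example.com."
NXT_A = ("a.example.com.", "mail.example.com.", {"A", "SIG", "NXT"})
NXT_LAST = ("www.example.com.", "example.com.", {"A", "SIG", "NXT"})

if __name__ == "__main__":
    for nxt, qname, qtype in [
        (NXT_A, "ftp.example.com.", "A"),     # falls inside the a..mail gap
        (NXT_A, "a.example.com.", "MX"),      # name exists, type does not
        (NXT_A, "zzz.example.com.", "A"),     # outside this NXT's range
        (NXT_LAST, "xyz.example.com.", "A"),  # after the last name in the zone
    ]:
        print(qname, qtype, "->", nxt_denies(nxt, ZONE, qname, qtype))
```

A None result means the response carried the wrong NXT for the query, so the negative answer must not be treated as authenticated.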