Connected: An Internet Encyclopedia
2.3.2 Authenticating Name and Type Non-existence

Up: RFC 2065

The above security mechanism provides only a way to sign existing RRs in a zone. "Data origin" authentication is not obviously provided for the non-existence of a domain name in a zone or the non-existence of a type for an existing name. This gap is filled by the NXT RR which authenticatably asserts a range of non-existent names in a zone and the non-existence of types for the name just before that range.

Section 5 below covers the NXT RR.
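
The check a resolver performs with an NXT RR, as an added example that is not part of the RFC text: given one NXT record whose signature has already been verified, decide whether it proves that a queried name or type does not exist. The tuple layout, the function names, the simplified name ordering, the wrap-around handling for the last record in a zone, and the sample zone are all assumptions made for this illustration.

```python
# Added example. An NXT record is modelled as
# (owner name, next name, set of types present at the owner).
# Verifying the SIG RR that covers the NXT record is assumed done by the caller.

def canon_key(name):
    """Sort key: lowercased labels compared from the highest-level label down.
    Assumption: a simplified stand-in for the zone's canonical name order."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return tuple(reversed(labels))

def nxt_proves(nxt, qname, qtype):
    """Return 'NO_SUCH_NAME', 'NO_SUCH_TYPE', or None if this record proves
    nothing about qname/qtype (e.g. an unrelated NXT replayed by an attacker)."""
    owner, next_name, types = nxt
    o, n, q = canon_key(owner), canon_key(next_name), canon_key(qname)
    if q == o:
        # The name exists; the record asserts which types exist at it.
        return None if qtype.upper() in types else "NO_SUCH_TYPE"
    if o < n:
        # Ordinary case: qname must sort strictly inside the asserted gap.
        in_gap = o < q < n
    else:
        # Assumption: the last NXT in a zone points back to the zone name,
        # so it covers in-zone names that sort after its owner.
        in_gap = q > o and q[:len(n)] == n
    return "NO_SUCH_NAME" if in_gap else None

# Constructed sample zone (not from the RFC): three names chained by NXT.
ZONE_NXT = [
    ("example.com", "mail.example.com", {"SOA", "NS", "KEY", "SIG", "NXT"}),
    ("mail.example.com", "www.example.com", {"A", "MX", "SIG", "NXT"}),
    ("www.example.com", "example.com", {"A", "SIG", "NXT"}),
]

if __name__ == "__main__":
    for q, t in [("ns.example.com", "A"), ("mail.example.com", "TXT"),
                 ("mail.example.com", "MX"), ("a.example.org", "A")]:
        results = [nxt_proves(r, q, t) for r in ZONE_NXT]
        print(q, t, [x for x in results if x] or "no proof")
```

A record that returns None must not be accepted as a denial for that query, even though its signature is valid.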
