Connected: An Internet Encyclopedia
5.6 Special Considerations at Delegation Points

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 2065
Up: 5. Non-existent Names and Types
Prev: 5.5 Blocking NXT Pseudo-Zone Transfers
Next: 6. The AD and CD Bits and How to Resolve Securely

5.6 Special Considerations at Delegation Points

5.6 Special Considerations at Delegation Points

A name (other than root) which is the head of a zone also appears as the leaf in a superzone. If both are secure, there will always be two different NXT RRs with the same name. They can be distinguished by their signers and next domain name fields. Security aware servers should return the correct NXT automatically when required to authenticate the non-existence of a name and both NXTs, if available, on explicit query for type NXT.

Insecure servers will never automatically return an NXT and some implementations may only return the NXT from the subzone on explicit queries.


Next: 6. The AD and CD Bits and How to Resolve Securely

Connected: An Internet Encyclopedia
5.6 Special Considerations at Delegation Points