RFC 2065: Domain Name System Security Extensions
RFC-Ref

NXT RR



... NXT resource record and its use in DNS responses. The NXT RR permits authenticated denial in the DNS of the ...


... for the non-existence of a domain name in a zone or the non-existence of a type for an existing name. This gap is filled by the NXT RR which authenticatably asserts a range of non-existent names in a zone ...
... Section 5 below covers the NXT RR. ...
... The SOA and any other RRs that have the zone name as owner should appear only in the subzone and thus are signed there. The NXT RR type is an exceptional case that will always appear differently and authoritatively in both the superzone and subzone, if both are ...
... CNAME or any other type will not retrieve any associated signature, key, or NXT RR. For types other than CNAME, it will retrieve that type at the target ...


... NXT ("next") RR for a name interval containing the nonexistent name. A NXT RR and its SIG are returned in the authority ...
... The owner name of the NXT RR is an existing name in the zone. Its RDATA is a "next" name and a type bit ...
... RDATA is a "next" name and a type bit map. The presence of the NXT RR means that generally no name between its owner name and the name in its RDATA ...
... to the zone by the same recommended off-line process that signs the zone (see Section 7.2). The NXT RR's TTL SHOULD not exceed the zone minimum TTL ...
... The RDATA for an NXT RR consists simply of a domain name followed by a bit ...
... The type number for the NXT RR is 30. ...
... The NXT RR type bit map is one bit per RR ...
... wildcard RR causes all possible names in an interval to exist, there should not be an NXT RR that would cover any part of this interval. Thus if *.X.ZONE exists you would expect an NXT RR ...
... NXT RR that would cover any part of this interval. Thus if *.X.ZONE exists you would expect an NXT RR that ends at X.ZONE and one that starts with the last name covered by *.X.ZONE. However, this "last name covered" is something ...
... RRs. If there is a zone wide wildcard, there will be an NXT RR whose owner name is the wild card and whose RDATA is the zone name. In this ...
... RR, it can query for the next NXT RR. By repeating this, it can walk through all the NXTs in the zone. If there are no wildcards, it can ...
... entity, or user) bit on. This will cause there to be one zone covering NXT RR and leak no information about what real names exist in the zone. This protection from pseudo-zone ...


