Authenticated Denial of Existence in the DNS (RFC7129)

IP.com Disclosure Number: IPCOM000234903D
Original Publication Date: 2014-Feb-01
Included in the Prior Art Database: 2014-Feb-14
Document File: 60 page(s) / 63K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Gieben: AUTHOR [+2]

Abstract

DNSSEC can be somewhat of a complicated matter, and there are certain areas of the specification that are more difficult to comprehend than others. One such area is "authenticated denial of existence".

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 5% of the total text.

Independent Submission                                         R. Gieben
Request for Comments: 7129                                        Google
Category: Informational                                       W. Mekking
ISSN: 2070-1721                                               NLnet Labs
                                                           February 2014

               Authenticated Denial of Existence in the DNS

Abstract

   Authenticated denial of existence allows a resolver to validate that a certain domain name does not exist.  It is also used to signal that a domain name exists but does not have the specific resource record (RR) type you were asking for.  When returning a negative DNS Security Extensions (DNSSEC) response, a name server usually includes up to two NSEC records.  With NSEC version 3 (NSEC3), this amount is three.

   This document provides additional background commentary and some context for the NSEC and NSEC3 mechanisms used by DNSSEC to provide authenticated denial-of-existence responses.

Status of This Memo

   This document is not an Internet Standards Track specification; it is published for informational purposes.

   This is a contribution to the RFC Series, independently of any other RFC stream.  The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment.  Documents approved for publication by the RFC Editor are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7129.

Gieben & Mekking              Informational                     [Page 1]
 RFC 7129               Authenticated Denial in DNS         February 2014

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document.  Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

   1. Introduction

   2. Denial of Existence

      2.1. NXDOMAIN Responses

      2.2. NODATA Re...