authority
Click on the red underlined text to get to the source
...
o When placing a signed RRset in the Authority section, the name
server MUST also place its RRSIG RRs in the Authority ...
... Authority section, the name
server MUST also place its RRSIG RRs in the Authority section.
The RRSIG RRs have a higher priority ...
... NSEC RR for <SNAME, SCLASS> along with its associated
RRSIG RR(s) in the Authority section of the response (see Section
3.1.1). If space does not permit inclusion of the NSEC RR or its
...
... name server
MUST include the following NSEC RRs in the Authority section, along
with their associated RRSIG RRs:
...
... NSEC RR and its
RRSIG RR(s) once in the Authority section.
If space does not permit inclusion of these NSEC ...
... wildcard name expansion when these RRs are included in the Authority
section of the response.
...
... wildcard-expanded
RRSIG RRs in the Answer section and MUST include in the Authority
section an NSEC RR and associated RRSIG RR ...
... name server MUST
include the following NSEC RRs in the Authority section, along with
their associated RRSIG RRs:
...
... wildcard name expansion when these RRs are included in the Authority
section of the response.
...
... unless the name server considers all RRsets in the Answer and
Authority sections of the response to be authentic. A security-aware
name server ...
... AD bit in a response unless the name server considers all
RRsets in the Answer and Authority sections of the response to be
authentic. The name server side SHOULD set the AD bit ...
... the resolver side considers all RRsets in the Answer section and any
relevant negative response RRs in the Authority section to be
authentic. The resolver side MUST follow the procedure described in
Section 5 to determine whether the RRs ...
... name server
that sent the response claims to have cryptographically verified the
data in the Answer and Authority sections of the response message.
Note, however, that the responses received by a security-aware ...