RFC 4035:Protocol Modifications for the DNS Securi...
RFC-Ref

DNSSEC RRs



... describes the behavior of entities that include security-aware resolver functions. Finally, Section 5 defines how to use DNSSEC RRs to authenticate a response. ...


... query is not set, the name server side MUST strip any authenticating DNSSEC RRs from the response but MUST NOT strip any DNSSEC RR ...


... signatures that for some reason fail to validate or due to missing data that the relevant DNSSEC RRs indicate should be present. This case may indicate an attack but ...
... determine whether the RRset should be signed, as the resolver is not able to obtain the necessary DNSSEC RRs. This can occur when the security-aware resolver is not able to contact security-aware ...
... atomic entry containing the entire answer, including the named RRset and any associated DNSSEC RRs. The resolver SHOULD discard the entire atomic entry when any of the RRs contained in it expire. In ...
... RR types, at least to the extent of not mishandling responses just because they contain DNSSEC RRs. ...
... A non-validating security-aware stub resolver MAY include the DNSSEC RRs returned by a security-aware recursive name server as part of the ...
... resolver that seeks to do this will need to set the DO bit in order to receive DNSSEC RRs from the recursive name server. ...
... security-aware stub resolver MUST set the DO bit, because otherwise it will not receive the DNSSEC RRs it needs to perform signature validation ...


... To use DNSSEC RRs for authentication, a security-aware resolver ...
... However, a security-aware resolver may still receive a response that lacks the appropriate DNSSEC RRs, whether due to configuration issues such as an upstream security ...
... name server that accidentally interferes with DNSSEC RRs or due to a deliberate attack in which an adversary forges a response, strips DNSSEC RRs ...
... DNSSEC RRs or due to a deliberate attack in which an adversary forges a response, strips DNSSEC RRs from a response, or modifies a query so that DNSSEC RRs ...
... DNSSEC RRs from a response, or modifies a query so that DNSSEC RRs appear not to be requested. The absence of DNSSEC data in a response MUST NOT by ...


