Query Regarding NSEC RR in DNSSEC
Miek Gieben
miek at miek.nl
Tue Feb 14 18:29:30 UTC 2012
[ Quoting <gaurav.kansal at nic.in> at 22:53 on Feb 14 in "Query Regarding NSEC..." ]
> Dear Team,
>
> We have a Authenticated Response in DNSSEC through trust chain.
>
> Now my question is why we itself need a NSEC when we get response from DNSSEC
> enabled server authentically.
>
>
>
> Means, if a Record exist in DNSSEC, then it replies the answer along with RRSIG
> of that RR.
>
> AND if domain doesn’t exist, then it can simply give NXDOMAIN and our job will
> be done as we trust that nameserver through trust chain.
>
> So what’s the need of NSEC??????
This is a whitepaper on the subject:
https://www.sidn.nl/fileadmin/docs/PDF-files_UK/wp-2011-0x01-v2.pdf
grtz Miek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120214/0982b292/attachment.bin>
More information about the bind-users
mailing list