blank.gif (43 bytes)

Church Of The
Swimming Elephant

Search:
2.3.5 Special Considerations with CNAME RRs Connected: An Internet Encyclopedia
2.3.5 Special Considerations with CNAME RRs

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 2065
Up: 2. Overview of the DNS Extensions
Up: 2.3 Data Origin Authentication and Integrity
Prev: 2.3.4 Special Considerations at Delegation Points
Next: 2.3.6 Signers Other Than The Zone

2.3.5 Special Considerations with CNAME RRs

2.3.5 Special Considerations with CNAME RRs

There is a significant problem when security related RRs with the same owner name as a CNAME RR are retrieved from a non-security-aware server. In particular, an initial retrieval for the CNAME or any other type will not retrieve any associated signature, key, or NXT RR. For types other than CNAME, it will retrieve that type at the target name of the CNAME (or chain of CNAMEs) and will return the CNAME as additional information. In particular, a specific retrieval for type SIG will not get the SIG, if any, at the original CNAME domain name but rather a SIG at the target name.

In general, security aware servers MUST be used to securely CNAME in DNS. Security aware servers must (1) allow KEY, SIG, and NXT RRs along with CNAME RRs, (2) suppress CNAME processing on retrieval of these types as well as on retrieval of the type CNAME, and (3) automatically return SIG RRs authenticating the CNAME or CNAMEs encountered in resolving a query. This is a change from the previous DNS standard which prohibited any other RR type at a node where a CNAME RR was present.


Next: 2.3.6 Signers Other Than The Zone

Connected: An Internet Encyclopedia
2.3.5 Special Considerations with CNAME RRs

Cotse.Net

Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

 
.
www.cotse.com
Have you gone to church today?
.
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 Cotse.com.
Cotse.com is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609