Cotse - Connected: An Internet Encyclopedia - 3.7 KEY RRs in the Construction of Responses

An explicit request for KEY RRs does not cause any special additional information processing except, of course, for the corresponding SIG RR from a security aware server.

Security aware DNS servers MUST include KEY RRs as additional information in responses where appropriate including the following:

(1) On the retrieval of NS RRs, the zone key KEY RR(s) for the zone served by these name servers MUST be included as additional information if space is avilable. There will always be at least one such KEY RR in a secure zone, even if it has the no-key type value to indicate that the subzone is insecure. If not all additional information will fit, the KEY RR(s) have higher priority than type A or AAAA glue RRs. If such a KEY RR does not fit on a retrieval, the retrieval must be considered truncated.

(2) On retrieval of type A or AAAA RRs, the end entity KEY RR(s) MUST be included if space is available. On inclusion of A or AAAA RRs as additional information, their KEY RRs will also be included but with lower priority than the relevant A or AAAA RRs.

Next: 3.8 File Representation of KEY RRs

Connected: An Internet Encyclopedia
3.7 KEY RRs in the Construction of Responses


		Cotse.Net

Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details