| rfc9499v3.txt | rfc9499.txt | |||
|---|---|---|---|---|
| skipping to change at line 610 ¶ | skipping to change at line 610 ¶ | |||
| RRset: A set of resource records "with the same label, class and | RRset: A set of resource records "with the same label, class and | |||
| type, but with different data" (according to [RFC2181], | type, but with different data" (according to [RFC2181], | |||
| Section 5). Also written as "RRSet" in some documents. As a | Section 5). Also written as "RRSet" in some documents. As a | |||
| clarification, "same label" in this definition means "same owner | clarification, "same label" in this definition means "same owner | |||
| name". In addition, [RFC2181] states that "the TTLs of all RRs in | name". In addition, [RFC2181] states that "the TTLs of all RRs in | |||
| an RRSet must be the same". | an RRSet must be the same". | |||
| Note that RRSIG resource records do not match this definition. | Note that RRSIG resource records do not match this definition. | |||
| [RFC4035] says: | [RFC4035] says: | |||
| "An RRset MAY have multiple RRSIG RRs associated with it. Note | An RRset MAY have multiple RRSIG RRs associated with it. Note | |||
| that as RRSIG RRs are closely tied to the RRsets whose | that as RRSIG RRs are closely tied to the RRsets whose | |||
| signatures they contain, RRSIG RRs, unlike all other DNS RR | signatures they contain, RRSIG RRs, unlike all other DNS RR | |||
| types, do not form RRsets. In particular, the TTL values among | types, do not form RRsets. In particular, the TTL values among | |||
| RRSIG RRs with a common owner name do not follow the RRset | RRSIG RRs with a common owner name do not follow the RRset | |||
| rules described in [RFC2181]." | rules described in [RFC2181]. | |||
| Master file: "Master files are text files that contain RRs in text | Master file: "Master files are text files that contain RRs in text | |||
| form. Since the contents of a zone can be expressed in the form | form. Since the contents of a zone can be expressed in the form | |||
| of a list of RRs a master file is most often used to define a | of a list of RRs a master file is most often used to define a | |||
| zone, though it can be used to list a cache's contents." (Quoted | zone, though it can be used to list a cache's contents." (Quoted | |||
| from [RFC1035], Section 5) Master files are sometimes called "zone | from [RFC1035], Section 5) Master files are sometimes called "zone | |||
| files". | files". | |||
| Presentation format: The text format used in master files. This | Presentation format: The text format used in master files. This | |||
| format is shown but not formally defined in [RFC1034] or | format is shown but not formally defined in [RFC1034] or | |||
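Review bot: The [RFC4035] passage in the RRset entry (from "An RRset MAY have multiple RRSIG RRs" through "rules described in [RFC2181].") still has no section number, and with its quotation marks removed it is now set off by layout alone. The Master file entry just below gives "(Quoted from [RFC1035], Section 5)"; suggest adding the section to the "[RFC4035] says:" lead-in in the same form, so the quote stays traceable wherever the indentation is lost.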
| skipping to change at line 762 ¶ | skipping to change at line 762 ¶ | |||
| Recursive mode: A resolution mode of a server that receives DNS | Recursive mode: A resolution mode of a server that receives DNS | |||
| queries and either responds to those queries from a local cache or | queries and either responds to those queries from a local cache or | |||
| sends queries to other servers in order to get the final answers | sends queries to other servers in order to get the final answers | |||
| to the original queries. Section 2.3 of [RFC1034] describes this | to the original queries. Section 2.3 of [RFC1034] describes this | |||
| as "the first server pursues the query for the client at another | as "the first server pursues the query for the client at another | |||
| server". Section 4.3.1 of [RFC1034] says: "in [recursive] mode | server". Section 4.3.1 of [RFC1034] says: "in [recursive] mode | |||
| the name server acts in the role of a resolver and returns either | the name server acts in the role of a resolver and returns either | |||
| an error or the answer, but never referrals." That same section | an error or the answer, but never referrals." That same section | |||
| also says: | also says: | |||
| "The recursive mode occurs when a query with RD set arrives at | The recursive mode occurs when a query with RD set arrives at a | |||
| a server which is willing to provide recursive service; the | server which is willing to provide recursive service; the | |||
| client can verify that recursive mode was used by checking that | client can verify that recursive mode was used by checking that | |||
| both RA and RD are set in the reply." | both RA and RD are set in the reply. | |||
| A server operating in recursive mode may be thought of as having a | A server operating in recursive mode may be thought of as having a | |||
| name server side (which is what answers the query) and a resolver | name server side (which is what answers the query) and a resolver | |||
| side (which performs the resolution function). Systems operating | side (which performs the resolution function). Systems operating | |||
| in this mode are commonly called "recursive servers". Sometimes | in this mode are commonly called "recursive servers". Sometimes | |||
| they are called "recursive resolvers". In practice, it is not | they are called "recursive resolvers". In practice, it is not | |||
| possible to know in advance whether the server that one is | possible to know in advance whether the server that one is | |||
| querying will also perform recursion; both terms can be observed | querying will also perform recursion; both terms can be observed | |||
| in use interchangeably. | in use interchangeably. | |||
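Review bot: After the closing quotation mark is dropped from "both RA and RD are set in the reply.", nothing in the text itself separates the [RFC1034] quotation from the next sentence, "A server operating in recursive mode may be thought of as having a name server side", which is this document's own commentary. The two shorter quotes earlier in the same entry (Section 2.3 and Section 4.3.1 of [RFC1034]) keep their quotation marks, so the entry now mixes two quoting styles. Suggest confirming that the block is visibly set off in every output format, or ending the quote with an explicit attribution. The "at a" rewrap on the first quoted line is whitespace only and needs no action.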
| skipping to change at line 1484 ¶ | skipping to change at line 1484 ¶ | |||
| NSEC: "The NSEC record allows a security-aware resolver to | NSEC: "The NSEC record allows a security-aware resolver to | |||
| authenticate a negative reply for either name or type non- | authenticate a negative reply for either name or type non- | |||
| existence with the same mechanisms used to authenticate other DNS | existence with the same mechanisms used to authenticate other DNS | |||
| replies." (Quoted from [RFC4033], Section 3.2) In short, an NSEC | replies." (Quoted from [RFC4033], Section 3.2) In short, an NSEC | |||
| record provides authenticated denial of existence. | record provides authenticated denial of existence. | |||
| "The NSEC resource record lists two separate things: the next | "The NSEC resource record lists two separate things: the next | |||
| owner name (in the canonical ordering of the zone) that contains | owner name (in the canonical ordering of the zone) that contains | |||
| authoritative data or a delegation point NS RRset, and the set of | authoritative data or a delegation point NS RRset, and the set of | |||
| RR types present at the NSEC RR's owner name." (Quoted from | RR types present at the NSEC RR's owner name." (Quoted from | |||
| Section 4 of [RFC4034]) | [RFC4034], Section 4) | |||
| NSEC3: Like the NSEC record, the NSEC3 record also provides | NSEC3: Like the NSEC record, the NSEC3 record also provides | |||
| authenticated denial of existence; however, NSEC3 records mitigate | authenticated denial of existence; however, NSEC3 records mitigate | |||
| zone enumeration and support Opt-Out. NSEC3 resource records | zone enumeration and support Opt-Out. NSEC3 resource records | |||
| require associated NSEC3PARAM resource records. NSEC3 and | require associated NSEC3PARAM resource records. NSEC3 and | |||
| NSEC3PARAM resource records are defined in [RFC5155]. | NSEC3PARAM resource records are defined in [RFC5155]. | |||
| Note that [RFC6840] says that [RFC5155] "is now considered part of | Note that [RFC6840] says that [RFC5155] "is now considered part of | |||
| the DNS Security Document Family as described by Section 10 of | the DNS Security Document Family as described by Section 10 of | |||
| [RFC4033]". This means that some of the definitions from earlier | [RFC4033]". This means that some of the definitions from earlier | |||
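Review bot: Do not extend this citation reorder to "Section 10 of [RFC4033]" a few lines further down in the NSEC3 entry; that wording sits inside the quotation from [RFC6840] and has to stay verbatim. The changed line itself now matches the "(Quoted from [RFC4033], Section 3.2)" form used earlier in the NSEC entry, so nothing further is needed in this hunk.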
| End of changes. 5 change blocks. | ||||
| 6 lines changed or deleted | 6 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||