1. DNSSEC/RFC2535
http://www.rfc-editor.org/rfc/rfc2535.txt http://jprs.jp/tech/material/rfc/RFC2535-ja.txt
The owner name of the NXT RR is an existing name in the zone. Its RDATA is a "next" name and a type bit map. Thus the NXT RRs in a zone create a chain of all of the literal owner names in that zone, including unexpanded wildcards but omitting the owner name of glue address records unless they would otherwise be included.
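The chain described above, as an added example that is not from RFC 2535 or the original page: it builds NXT records for a small constructed zone in canonical name order and finds the NXT that covers a name that does not exist. The zone contents and function names are assumptions of the example, as is the premise that the zone dict already holds only authoritative (non-glue) owner names; the type numbers are the registered RR type codes.

```python
# Added example: NXT chain over a constructed zone (sample data, not a real zone).
TYPE = {"A": 1, "NS": 2, "SOA": 6, "MX": 15, "SIG": 24, "KEY": 25, "NXT": 30}

def canonical_key(name):
    """Canonical order: lowercase labels, compared as octets from the rightmost label."""
    labels = name.lower().rstrip(".").split(".")
    return [label.encode("ascii") for label in reversed(labels)]

def type_bitmap(types):
    """Type bit map: bit N set if type N exists; bit 0 is the MSB of octet 0."""
    bits = bytearray(max(TYPE[t] for t in types) // 8 + 1)
    for t in types:
        n = TYPE[t]
        bits[n // 8] |= 0x80 >> (n % 8)
    return bytes(bits)

def build_nxt_chain(zone):
    """Return [(owner, next_name, bitmap)]; the last NXT wraps to the zone name."""
    owners = sorted(zone, key=canonical_key)  # apex sorts first
    chain = []
    for i, owner in enumerate(owners):
        next_name = owners[(i + 1) % len(owners)]
        types = set(zone[owner]) | {"SIG", "NXT"}  # every signed name has these
        chain.append((owner, next_name, type_bitmap(types)))
    return chain

def covering_nxt(chain, qname):
    """Return the NXT whose (owner, next) gap holds qname, or None if qname exists."""
    q = canonical_key(qname)
    for owner, next_name, bitmap in chain:
        lo, hi = canonical_key(owner), canonical_key(next_name)
        if q == lo:
            return None  # qname is an owner name; check its bitmap for the type
        if lo < q < hi or (hi <= lo and q > lo):  # second case: wrap-around NXT
            return (owner, next_name, bitmap)
    return None

# Constructed zone: literal owner names, including an unexpanded wildcard.
ZONE = {
    "example.": ["SOA", "NS", "KEY"], "*.example.": ["MX"],
    "big.example.": ["A", "MX"], "medium.example.": ["A"], "ns.example.": ["A"],
}

if __name__ == "__main__":
    for owner, next_name, bitmap in build_nxt_chain(ZONE):
        print(f"{owner:18} NXT {next_name:18} {bitmap.hex()}")
    print(covering_nxt(build_nxt_chain(ZONE), "cat.example."))
```

A resolver validating a name error checks the SIG over the returned NXT and then performs the same interval test as `covering_nxt`; for a name that exists but lacks the queried type, it checks the bit map instead.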
Abstract
Extensions to the Domain Name System (DNS) are described that provide data integrity and authentication to security aware resolvers and applications through the use of cryptographic digital signatures. These digital signatures are included in secured zones as resource records. Security can also be provided through non-security aware DNS servers in some cases. The extensions provide for the storage of authenticated public keys in the DNS. This storage of keys can support general public key distribution services as well as DNS security. The stored keys enable security aware resolvers to learn the authenticating key of zones in addition to those for which they are initially configured. Keys associated with DNS names can be retrieved to support other protocols. Provision is made for a variety of key types and algorithms. In addition, the security extensions provide for the optional authentication of DNS protocol transactions and requests.
This document incorporates feedback on RFC 2065 from early implementers and potential users.