database logo graphic

RFC 7129

"Authenticated Denial of Existence in the DNS", February 2014

Canonical URL:
http://www.rfc-editor.org/rfc/rfc7129.txt
This document is also available in this non-normative format: PDF.
Status:
INFORMATIONAL
Authors:
R. Gieben
W. Mekking
Stream:
INDEPENDENT

Cite this RFC: TXT  |  XML

Other actions: Find Errata (if any)  |  Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

Authenticated denial of existence allows a resolver to validate that a certain domain name does not exist. It is also used to signal that a domain name exists but does not have the specific resource record (RR) type you were asking for. When returning a negative DNS Security Extensions (DNSSEC) response, a name server usually includes up to two NSEC records. With NSEC version 3 (NSEC3), this amount is three. This document provides additional background commentary and some context for the NSEC and NSEC3 mechanisms used by DNSSEC to provide authenticated denial-of-existence responses.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Go to the RFC Editor Homepage.