Skip to main content

Semantics of DNS NXT Resource Records

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Ólafur Guðmundsson , Edward P. Lewis
Last updated 1997-03-25
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


In 'Domain Name System Security Extensions' (RFC 2065) the NXT Resource Record (along with SIG RR and KEY RR) is introduced to allow for secure denial of existence of either a domain name or a RRSet belonging to an existing domain name. The set of NXT records within a zone create a virtual 'chain' of RRSets within a zone by indicating, for each name within a zone, the RRSets for which it owns records and the next name in the zone. RFC 2065 discusses security extensions for static DNS zones. An Internet Draft, draft-ietf-dnssec-update-04.txt, becoming an RFC describes security in DNS zone which can be dynamically updated. In this document, the authors build upon them to: - define some terms used colloquially in the working group - describe the semantics of the NXT record in greater detail than the two existing documents, in order to achieve interoperability - introduce and discuss unresolved issues involving NXT records


Ólafur Guðmundsson
Edward P. Lewis

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)