The NSEC (Next Secure) resource record links all labels (names) of a DNSSEC-signed zone together in alphabetical (canonical) order. The NSEC type replaced the almost identical NXT type in 2004.
Signing DNS records makes it possible to verify that they were not forged and that they come from the correct authoritative zone. What signing alone cannot do is prove the non-existence of a DNS record. For instance, if a client queries the name test.beispiel.de, an attacker can remove the corresponding data from the server's response packet without the client noticing.
To prevent such denial-of-service attacks, all names of a zone are sorted alphabetically and linked into a ring via NSEC records, with the last entry pointing back to the first. Example:
    name1 NSEC name2
    name2 NSEC name5
    name5 NSEC name1
Each NSEC record is signed with an RRSIG resource record so that it cannot be forged. In its response packets a DNS server always includes the relevant NSEC entry. For a query for the non-existent name name3, "name2 NSEC name5" is returned. The client can then be certain that name3 really does not exist and that the answer was not stripped in transit.
The NSEC record has a second function: it lists all record types present at the same name (see example).
An NSEC RR consists of the following fields:

    Field             Meaning                                    Example
    Label             name of the owner                          name2
    Type              record type NSEC (47)                      NSEC
    Next Domain Name  the alphabetically following name          name5
    Type list         list of the types present at the label     LV DS RRSIG NSEC
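The denial-of-existence check described above, as an added example that is not part of the original article: it applies the canonical ordering of RFC 4034 to the name1/name2/name5 ring and classifies what an NSEC chain proves for a query. The zone names, the `.example.` suffix and the type sets are constructed sample data; signature (RRSIG) validation is assumed to have happened already.

```python
# Added example: checking which answer an NSEC chain proves for a query.
def canonical_key(name: str) -> tuple:
    """Canonical DNS ordering key (RFC 4034 section 6.1):
    labels are compared from the root leftward, case-insensitively."""
    return tuple(reversed(name.rstrip(".").lower().split(".")))

def nsec_covers(owner: str, nxt: str, qname: str) -> bool:
    """True when qname falls strictly between owner and next in canonical order.
    The last NSEC of a zone points back to the first name, so that one range wraps."""
    o, n, q = canonical_key(owner), canonical_key(nxt), canonical_key(qname)
    if o < n:
        return o < q < n
    return q > o or q < n  # wrap-around record (last owner -> first name)

def check_denial(chain, qname: str, qtype: str) -> str:
    """Classify what the NSEC records in `chain` prove for (qname, qtype).

    chain: list of (owner, next, types) tuples, each assumed to carry a valid RRSIG.
    Returns 'EXISTS'   - name and type are present,
            'NODATA'   - name exists but the type is absent from its type list,
            'NXDOMAIN' - name does not exist (it lies inside an NSEC gap),
            'UNPROVEN' - no record covers the name, so nothing is proven.
    """
    for owner, _nxt, types in chain:
        if canonical_key(owner) == canonical_key(qname):
            return "EXISTS" if qtype in types else "NODATA"
    for owner, nxt, _types in chain:
        if nsec_covers(owner, nxt, qname):
            return "NXDOMAIN"
    return "UNPROVEN"

# Constructed sample zone mirroring the article's name1 -> name2 -> name5 -> name1 ring.
ZONE_CHAIN = [
    ("name1.example.", "name2.example.", {"A", "RRSIG", "NSEC"}),
    ("name2.example.", "name5.example.", {"A", "DS", "RRSIG", "NSEC"}),
    ("name5.example.", "name1.example.", {"A", "RRSIG", "NSEC"}),
]

if __name__ == "__main__":
    print(check_denial(ZONE_CHAIN, "name3.example.", "A"))   # NXDOMAIN
    print(check_denial(ZONE_CHAIN, "name2.example.", "MX"))  # NODATA
```

A complete validator also checks the RRSIG on the returned NSEC and the NSEC covering a possible wildcard; this block only shows the name-range and type-list tests.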
A major disadvantage of this scheme is that an attacker can follow the NSEC chain step by step and so determine all entries of a zone. This is called zone walking (also DNSSEC walking). Reading out a complete zone in this way is not possible with conventional DNS and a secured zone transfer.
Measures to prevent zone walking are under discussion (e.g. RFC 4470). One proposal is that the names involved no longer appear in plain text but are represented by a comparable mechanism using a new resource record, NSEC3 (see the IETF draft dnsext-nsec3-05).