From: Josh Soref Date: Wed, 27 Mar 2019 08:18:06 +0000 (-0400) Subject: grammar: help parsers understand that denial-of-existence is a thing X-Git-Tag: dnsdist-1.4.0-alpha1~22^2~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fe266c1104dded8580b4ff64f37c08a8fba4ac4c;p=thirdparty%2Fpdns.git grammar: help parsers understand that denial-of-existence is a thing --- diff --git a/docs/dnssec/modes-of-operation.rst b/docs/dnssec/modes-of-operation.rst index 487784d93c..b1c6472199 100644 --- a/docs/dnssec/modes-of-operation.rst +++ b/docs/dnssec/modes-of-operation.rst @@ -55,7 +55,7 @@ records, lives with the DNSSEC keying material. (Hashed) Denial of Existence ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -PowerDNS supports unhashed secure denial of existence using NSEC +PowerDNS supports unhashed secure denial-of-existence using NSEC records. These are generated with the help of the (database) backend, which needs to be able to supply the 'previous' and 'next' records in canonical ordering. @@ -63,7 +63,7 @@ canonical ordering. The Generic SQL Backends have fields that allow them to supply these relative record names. -In addition, hashed secure denial of existence is supported using NSEC3 +In addition, hashed secure denial-of-existence is supported using NSEC3 records, in two modes, one with help from the database, the other with the help of some additional calculations. @@ -72,7 +72,7 @@ where the backend should be able to supply the previous and next domain names in hashed order. NSEC3 in 'narrow' mode uses additional hashing calculations to provide -hashed secure denial of existence 'on the fly', without further +hashed secure denial-of-existence 'on the fly', without further involving the database. .. _dnssec-signatures: