An entity acting in the role of a stub resolver that has an understanding of the DNS security extensions. DNSSEC-aware stub resolvers may be either “validating” or “nonvalidating,” depending on whether the stub resolver attempts to verify DNSSEC signatures on its own or trusts a friendly DNSSEC-aware name server to do so. See also “validating stub resolver” and “nonvalidating stub resolver.”

Source: NIST SP 800-81-2 | Category: