A DNSSEC-aware stub resolver that trusts one or more DNSSEC-aware recursive name servers to perform most of the tasks discussed in this document set on its behalf. In particular, a nonvalidating DNSSEC-aware stub resolver is an entity that sends DNS queries, receives DNS responses, and is capable of establishing an appropriately secured channel to a DNSSEC-aware recursive name server that will provide these services on behalf of the DNSSEC-aware stub resolver. See also “DNSSEC-aware stub resolver” and “validating DNSSEC-aware stub resolver.”

Source: NIST SP 800-81-2 | Category: