Within the context of a particular zone, an RRSet (RRs with the same name, class, and type) is authoritative if and only if the owner name of the RRSet lies within the subset of the name space that is at or below the zone apex and at or above the cuts that separate the zone from its children, if any. RRs of type NSEC, RRSIG and DS are examples of RRSets at a cut that are authoritative at the parent side of the zone cut, and not the delegated child side.

Source: NIST SP 800-81-2 | Category: