1. DNS/用語/wildcards/closest_encloser
について、ここに記述してください。
Notes on the DNSSEC standard : http://www.george-barwood.pwp.blueyonder.co.uk/DnsServer/NotesOnDNSSSEC.htm
Cache structure and Wildcard responses
NSEC Non-existence proofs
(3) "Closest encloser"
This is the longest ancestor of SNAME that "exists" ( it can be an empty non-terminal ).
SNAME is the name where the NoData or NxDomain authentication is being performed, as per RFC 1034 section 5.3.2.
We find the closest encloser by inspecting the names in the NSEC records present in the response ( both the Owner name and the NextName ).
If no ancestor of SNAME is found, the response is bogus.
Example : suppose the query is [b.c.d.example.com MX], and the response has the NSEC record
- a.b.d.example.com. NSEC a.b.c.d.example.com. A AAAA
The closest encloser is b.c.d.example.com.