In the above example the SIG RRs are left out for clarity.
	The NXT record is circular over the zone. The next label after www.ripe.net. Is ripe.net  Once signed the RR that are available with label www.bla.foo are A SIG and NXT.
	Using the NXT record, one can do a zone walk. Some people find this undesirable. However, the DNS is a public database. (One can use views to block your ÔinternalÕ naming scheme from external eyes.)