Zone Signing Keys

Each zone in DNSSEC has a zone-signing key pair (ZSK)

To enable DNSSEC, a zone operator creates digital signatures for each RRset using the private ZSK and stores them in their name server as RRSIG records

The zone operator also needs to make their public ZSK available by adding it to their name server in a DNSKEY record.

d4rtht3ll3ctus' root vault

Explorer

Zone Signing Keys

Graph View

Backlinks