FusionLayer NameSurfer® - DNSKEY records

DNSKEY records

HELP

NameSurfer 7.6.4.1

DNSKEY (Domain Name System KEY) records is the public key part of the key pair used to sign DNSSEC secured zones. There are two key roles - key signing keys and zone signing keys. Zone signing keys are used for signing records in individual nodes of the zone while key signing keys are only used for signing the zone signing keys.

When a security chain is formed from outside the zone, e.g. from the parent of the zone, the DS record used to verify key(s) in the zone usually points to the key signing key(s).