|dnssec dnskey record||0.13||0.4||5141||20|
DNSKEY Records are used to publish the public key that resolvers can use to verify DNSSEC signatures which are used to secure certain kinds of information provided by the DNS system.What are DNSKEY and DS records?
For the implementation of these cryptographic signatures, two new DNS record types were created: DNSKEY and DS. The DNSKEY record contains a public signing key, and the DS record contains a hash* of a DNSKEY record. Each DNSSEC zone is assigned a set of zone signing keys (ZSK).What are the different types of DNS records in DNSSEC?
To facilitate signature validation, DNSSEC adds a few new DNS record types: RRSIG - Contains a cryptographic signature. DNSKEY - Contains a public signing key. DS - Contains the hash of a DNSKEY record. NSEC and NSEC3 - For explicit denial-of-existence of a DNS record.What is a DNSSEC KSK?
As an added layer of security, DNSSEC zones contain a second DNSKEY record containing a key signing key (KSK), which verifies the authenticity of the public ZSK. The DS record is used to verify the authenticity of child zones** of DNSSEC zones.