Simple DNS Plus
Edit this page

Did you notice something wrong or unclear, or want to add something more to this page?

Great !!

You can edit the source text of this page on GitHub (click here to learn how).

After you submit your changes ("pull request"), we will review it and update the page.

DNSKEY-Records (DNSSEC public key)

A DNSKEY-record holds a public key that resolvers can use to verify DNSSEC signatures in RRSIG-records.

DNSKEY-records have the following data elements:

  • Flags: "Zone Key" (set for all DNSSEC keys) and "Secure Entry Point" (set for KSK and simple keys).

  • Protocol: Fixed value of 3 (for backwards compatibility)

  • Algorithm: The public key's cryptographic algorithm.

  • Public key: Public key data.

To add a DNSKEY-record to a zone, use the DNSSEC Sign Zone function.

This record type is defined in RFC4034.

Comments

Simple DNS Plus