DNSKEY-Records (DNSSEC public key)

A DNSKEY-record holds a public key that resolvers can use to verify DNSSEC signatures in RRSIG-records.

DNSKEY-records have the following data elements:

  • Flags: "Zone Key" (set for all DNSSEC keys) and "Secure Entry Point" (set for KSK and simple keys).

  • Protocol: Fixed value of 3 (for backwards compatibility).

  • Algorithm: The public key's cryptographic algorithm.

  • Public key: Public key data.

To add a DNSKEY-record to a zone, use the DNSSEC Sign Zone function.

This record type is defined in RFC 4034.
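
The following Python sketch is an added example, not code from this page or from any product it describes. It parses a DNSKEY record's data elements from the text form "flags protocol algorithm key", checks the protocol value, the Zone Key flag and the key length, and goes one step beyond the list above by computing the key tag (RFC 4034 Appendix B) that RRSIG-records use to refer to the key. The names parse_dnskey, key_tag and SAMPLE are assumptions made for illustration, and the key-length table is taken from RFC 6605 and RFC 8080.

```python
import base64
import struct

ZONE_KEY = 0x0100   # flags bit 7: key may be used to verify RRSIGs in the zone
SEP = 0x0001        # flags bit 15: Secure Entry Point (set for KSKs)
# Public-key sizes in bytes for algorithms with a fixed size (RFC 6605, RFC 8080).
FIXED_KEY_LEN = {13: 64, 14: 96, 15: 32, 16: 57}


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def parse_dnskey(text):
    """Parse 'flags protocol algorithm base64key' and list any problems."""
    flags_s, proto_s, alg_s, *key_parts = text.split()
    flags, protocol, algorithm = int(flags_s), int(proto_s), int(alg_s)
    public_key = base64.b64decode("".join(key_parts), validate=True)
    # Wire-format RDATA: 2 bytes flags, 1 byte protocol, 1 byte algorithm, key.
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + public_key

    problems = []
    if protocol != 3:
        problems.append("protocol must be 3")
    if not flags & ZONE_KEY:
        problems.append("Zone Key flag not set; key must not verify RRSIGs")
    expected = FIXED_KEY_LEN.get(algorithm)
    if expected is not None and len(public_key) != expected:
        problems.append(f"algorithm {algorithm} expects a {expected}-byte key")

    return {
        "zone_key": bool(flags & ZONE_KEY),
        "sep": bool(flags & SEP),
        "protocol": protocol,
        "algorithm": algorithm,
        "key_bytes": len(public_key),
        "key_tag": key_tag(rdata),
        "problems": problems,
    }


# Constructed sample: an all-zero 32-byte key, not a real Ed25519 key.
SAMPLE = "257 3 15 " + base64.b64encode(bytes(32)).decode()

if __name__ == "__main__":
    print(parse_dnskey(SAMPLE))
```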
