Simple DNS Plus
Edit this page

Did you notice something wrong or unclear, or want to add something more to this page?

Great !!

You can edit the source text of this page on GitHub (click here to learn how).

After you submit your changes ("pull request"), we will review it and update the page.

RRSIG-Records (RRset Signature)

An RRSIG-record holds a DNSSEC signature for a record set (one or more DNS records with the same name and type).

Resolvers can verify the signature with a public key stored in a DNSKEY-record.

RRSIG-records have the following data elements:

  • Type Covered: DNS record type that this signature covers.

  • Algorithm: Cryptographic algorithm used to create the signature.

  • Labels: Number of labels in the original RRSIG-record name (used to validate wildcards).

  • Original TTL: TTL value of the covered record set.

  • Signature Expiration: When the signature expires.

  • Signature Inception: When the signature was created.

  • Key Tag: A short numeric value which can help quickly identify the DNSKEY-record which can be used to validate this signature.

  • Signer's Name: Name of the DNSKEY-record which can be used to validate this signature.

  • Signature: Cryptographic signature.

To add RRSIG-records to a zone, use the DNSSEC Sign Zone function.

This record type is defined in RFC4034.

Comments

Simple DNS Plus