Beruflich Dokumente
Kultur Dokumente
KSK (Key Signing Key) which signs other keys, usually larger Chain of Trust
and stronger than ZSK, it’s used as the trust anchor and
Sign Root Zone
ceritified by the parent zone in the DNS Trust
(ICANN)
Anchor
ZSK (Zone Signing Key) sign all data in the zone (RRsets) & Signs Contains
KSK ZSK RRs DS
ususally lower strength & impose less computational overhead
www.abc.com. 3599 IN DNSKEY 256 3 13 ( DNSKEY Set Hashed KSK
Key Type (KSK, ZSK) koPbw9wmYZ7ggcjnQ6ayHyhHaDNMY
Sign .COM Zone
Time to Live (TTL) ELKTqT+qRGrZpWSccr/lBcrm10Z1P (Verisign)
Protocol Value uQHB3Azhii+sb0PYFkH1ruxLhe5g=
Public Key algorithm Signs Contains
Key ID
) ; key id = 35273 KSK ZSK RRs DS