Jump to first page
 -21
DNSSEC Summary on 1 page
nData authenticity and integrity by SIGning the resource records
nPublic KEYs used to verify the SIGs
nChildren sign their zones with their private key; The authenticity of their KEY is established by a SIGnature over that key by the parent (DS)
nIn the ideal case, only one public KEY needs to be distributed off-band
Example: top of a secured zone. You see the signatures over all RR sets and a public KEY RR

; Example base64 encoding shortened for readability.
$TTL 600        ; 10 minutes
secret-wg.org           IN SOA  bert.secret-wg.org. olaf.ripe.net. (
                                2002040411 ; serial
                                450        ; refresh (7 minutes 30 seconds)
                                600        ; retry (10 minutes)
                                345600     ; expire (4 days)
                                300        ; minimum (5 minutes)
                                )
                        SIG     SOA 1 2 600 20020519064344 (
                                20020419054344 47783 secret-wg.org.
                                cd0JqaS8 ...)
                        NS      ns2.secret-wg.org.
                        NS      bert.secret-wg.org.
                        SIG     NS 1 2 600 20020504104340 (
                                20020404104340 47783 secret-wg.org.
                                qnqGts0l ...)
                        MX      100 bert.secret-wg.org.
                        SIG     MX 1 2 600 20020504104340 (
                                20020404104340 47783 secret-wg.org.
                                M/Y/5dQ0 ...)
                        TXT     "Secret Working group Demo and Test zone "
                        SIG     TXT 1 2 600 20020504104340 (
                                20020404104340 47783 secret-wg.org.
                                hfaCDT79 ...)
                        KEY     256 3 1 (
                                AQO088/m ...   ) ; key id = 47783
$TTL 3600       ; 1 hour
                        SIG     KEY 1 2 3600 20020413093759 (
                                20020314093759 47783 secret-wg.org.
                                iiPjoICO ...)
$TTL 600        ; 10 minutes
                        LOC     52 21 23.000 N 4 57 5.500 E 0.00m 100m 100m 100m
                        SIG     LOC 1 2 600 20020504104340 (
                                20020404104340 47783 secret-wg.org.
                                GW3nJdTj ...)
$TTL 3600       ; 1 hour
                        NXT     bert.secret-wg.org. NS SOA MX TXT SIG KEY LOC NXT
                        SIG     NXT 1 2 3600 20020504104401 (
                                20020404094401 47783 secret-wg.org.
                                W8EOZYvk ...)