From DNSSEC-Tools
Jump to: navigation, search

A DNSKEY is a DNS Resource Record that contains the crypographic keys used to sign records in a zonefile. In particular, they can be either a KSK or a ZSK in type. When a DNSKEY is used to sign a domain resource record set, the resulting signature is stored in a RRSIG record at that domain name.