What is a KSK, ZSK, RRSIG?

Follow

A KSK stands for Key Signing Key.  A KSK is a public/private key pair. The KSK private key is used to generate a digital signature for the ZSK. The KSK public key is stored in the DNS to be used to authenticate the ZSK.

 

A ZSK is a Zone Signing Key. A ZSK is a public/private key pair. The ZSK private key is used to generate a digital signature, known as a Resource Record Signature (RRSIG), for each of the resource record sets (RRSET) in a zone. The ZSK public key is stored in the DNS to authenticate an RRSIG.

 

Each name within a DNSSEC signed zone will be covered by an RRSIG.

Have more questions? Submit a request

Comments

Industry Information

website by WeAreDigital

Powered by Zendesk