DNSKEY
E738666
DNSKEY is a DNS Security Extensions (DNSSEC) resource record that stores public keys used to verify digital signatures and authenticate DNS data.
Observed surface forms (1)
| Surface form | Occurrences |
|---|---|
| RRSIG | 1 |
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf |
DNS resource record type
ⓘ
DNSSEC record ⓘ |
| canRepresentKeyType |
Key Signing Key
ⓘ
Zone Signing Key ⓘ |
| containsField |
Algorithm
ⓘ
Flags ⓘ Protocol ⓘ Public Key ⓘ |
| definedInRFC |
RFC 4034
NERFINISHED
ⓘ
RFC 4035 NERFINISHED ⓘ |
| flagBit |
Revocation flag (bit 8)
ⓘ
Secure Entry Point flag (bit 15) ⓘ Zone Key flag (bit 7) ⓘ |
| hasPurpose |
authenticate DNS data origin
ⓘ
enable verification of DNS digital signatures ⓘ store public keys for DNSSEC ⓘ support data integrity in DNS ⓘ |
| hasRRTypeCode | 48 ⓘ |
| isAuthenticatedBy | DS record in parent zone ⓘ |
| isCachedBy | recursive resolvers ⓘ |
| isPartOf | DNSSEC trust chain ⓘ |
| isPublishedAt | zone apex ⓘ |
| isPublishedIn | zone file ⓘ |
| isSignedBy | RRSIG over DNSKEY RRset ⓘ |
| isUsedAt |
root zone
ⓘ
second-level domains ⓘ top-level domains ⓘ |
| isUsedToVerify | RRSIG records ⓘ |
| isValidatedBy | DNSSEC validators ⓘ |
| mayUseAlgorithm |
ECDSAP256SHA256
ⓘ
ECDSAP384SHA384 ⓘ ED25519 ⓘ ED448 ⓘ RSASHA1 ⓘ RSASHA256 ⓘ RSASHA512 ⓘ |
| protocolFieldReservedFor | DNSSEC NERFINISHED ⓘ |
| relatedRecord |
DS
ⓘ
NSEC ⓘ NSEC3 ⓘ RRSIG ⓘ |
| securityProperty |
does not provide confidentiality
ⓘ
provides data integrity ⓘ provides data origin authentication ⓘ |
| supportsOperation |
algorithm rollover
ⓘ
key rollover ⓘ |
| usedIn | Domain Name System Security Extensions NERFINISHED ⓘ |
| usesProtocolValue | 3 ⓘ |
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.
this entity surface form:
RRSIG