Show search and navigation.

 

DNSSEC

Applies To:
RouteThis platform is designed to provide reliable, high performance, and secure DNS service. This DNS service consists of zone administration, traffic management, and custom routing policies.
SecondaryThe Managed (Primary) or Secondary DNS module allows DNS zone management, authoritative DNS for zones managed outside of our network, and traffic distribution to multiple servers via load balancing or failover configurations.

Secondary DNS supports zones that contain DNSSEC records. This allows DNSSEC records to be imported into the corresponding secondary zone.

DNSSEC Records

A brief description for the supported set of DNSSEC records is provided below.

Name Description
RRSIG

Provides the DNSSEC signature through which DNS data is authenticated.
DNSKEY

Provides the public key through which a DNS resolver verifies the DNSSEC signature in a RRSIG record.

DS

Identifies a sub-delegated zone by its name. It also identifies a DNSKEY record in the sub-delegated zone.

NSEC

Indicates the next secured record in the zone by name. It also indicates the type of records in the zone that have been assigned that name.

A DNS resolver uses this record to verify that a record of a specific name and type does not exist within a zone.

NSEC3

Indicates the next secured record in the zone by hashed name. It also indicates the type of records in the zone that have been assigned that name.

A DNS resolver uses this record to verify that a record of a specific name and type does not exist within a zone.

NSEC3PARAM

Allows Authoritative DNS servers to determine the set of NSEC3 records to include in response to DNSSEC requests for a record that does not exist.

DLV

The DNSSEC Lookaside Validation registry record publishes DNSSEC trust anchors outside of the standard DNS delegation chain. This allows a DNS resolver to validate DNSSEC records via an alternative chain of trust.