DNSSEC Keys and Signing Explained
19 Feb 2019
This article describes what happens when a zone is signed with DNSSEC. This document helps to understand the concept of zone signing and does not detail the actual steps for signing a zone.
Note: I have taken some liberties with this article in the interest of simplicity. For full and accurate information, refer DNSSEC RFCs. NXDOMAIN validation is not included in this article.
Let’s consider an unsigned zone test.com. Below is a representation of the zone file with sample records with only the relevant fields.