A DS RR contains a hash of a child zone's KSK and can be used as a trust anchor in some security-aware resolvers and to create a secure delegation point for a signed subzone in DNS servers. As illustrated in Figure 22.1, the DS RR in the parent zone corpxyz.com contains a hash of the KSK of the child zone sales.corpxyz.com, which in turn has a DS record that contains a hash of the KSK of its child zone, nw.sales.corpxyz.com.
Figure 22.1 Place for Fig. 22.1Place for Figure with arrows № 6
Drawio |
---|
border | 1 |
---|
baseUrl | https://infoblox-docs.atlassian.net/wiki |
---|
diagramName | 22.1 |
---|
zoom | 1 |
---|
pageId | 22252211 |
---|
custContentId | 7345821 |
---|
lbox | 1 |
---|
contentVer | 1 |
---|
revision | 1 |
---|
|
Drawio |
---|
border | 1 |
---|
baseUrl | https://infoblox-docs.atlassian.net/wiki |
---|
diagramName | Arrows1 |
---|
zoom | 1 |
---|
pageId | 22252211 |
---|
custContentId | 7345815 |
---|
lbox | 1 |
---|
contentVer | 1 |
---|
revision | 1 |
---|
|
The first four fields specify the owner name, TTL, class and RR type. The succeeding fields are as follows:
...