DNSSEC relies on a chain of trust within the DNS infrastructure, emanating from the root and passing through second level domains. For more information about DNSSEC and the chain of trust, see Using DNSSEC with Nominet systems.

Signing .uk domain names

Our registry systems are enabled to accept DS records. This enables you to complete the chain of trust through to individual domain names by generating a DNSSEC key and corresponding DS record. Our systems can be used to place the DS record into the parent zone. The DNSSEC key will also need to be published onto the registrar’s nameserver record for that domain name. For more information on managing DS records for .UK domain names, see here.

See also

Managing DS records for gTLD domain names

Minerva House, Edmund Halley Road, Oxford Science Park, OX4 4DQ, United Kingdom