DNSSEC
At a glance
- DNSSEC relies on a chain of trust within the DNS infrastructure emanating from the root through to individual zones
- The chain of trust has been extended to .uk second level domains. Registrars can complete the chain of trust through to individual domain names by generating a DNSSEC key and corresponding DS record
DNSSEC relies on a chain of trust within the DNS infrastructure emanating from the root through to individual zones. Background information about DNSSEC, digital signatures and the chain of trust is provided in our introduction to DNSSEC.
Signing .uk domain names
Our registry systems are enabled to accept DS records. This allows registrars to complete the chain of trust through to individual domain names by generating a DNSSEC key and corresponding DS record. Our systems can be used to place the DS record into the parent zone. The DNSSEC key will also need to be published onto the registrar’s nameserver record for that domain name.
DNSSEC for .UK registrars
Further information on using DNSSEC registry systems is available here.
DNSSEC Signing Service
The DNSSEC signing service was withdrawn from service in January 2016 due to low uptake.
DNSSEC for gTLD registrars
Information on using gTLD DNSSEC registry systems is available here.
Minerva House, Edmund Halley Road, Oxford Science Park, OX4 4DQ, United Kingdom