DNSSEC

DNSSEC relies on a chain of trust within the DNS infrastructure emanating from the root through to individual zones. Background information about DNSSEC, digital signatures and the chain of trust is provided in our introduction to DNSSEC.

Signing .uk domain names

Our registry systems are enabled to accept DS records. This allows registrars to complete the chain of trust through to individual domain names by generating a DNSSEC key and corresponding DS record. Our systems can be used to place the DS record into the parent zone. The DNSSEC key will also need to be published onto the registrar’s nameserver record for that domain name.

DNSSEC for .UK registrars

Further information on using DNSSEC registry systems is available here.

DNSSEC Signing Service

The DNSSEC signing service was withdrawn from service in January 2016 due to low uptake.

DNSSEC for gTLD registrars

Information on using gTLD DNSSEC registry systems is available here.