What is a DNS signature (RRSIG)?
RRSIG (Resource Record Signature) is how DNSSEC signs records:
What it contains:
Cryptographic signature of a record set
Signing algorithm identifier
Expiration time
Key identifier
How verification works:
Resolver requests record (e.g., TXT)
Receives record plus RRSIG
Retrieves public key (DNSKEY record)
Verifies signature matches record
Signature chain:
Root signs TLD
TLD signs your domain
Your domain signs records
Chain of trust from root to record
Official notary seal on each document. Verifiable chain of authentication from the highest authority.
Was this answer helpful?
Thanks for your feedback!