Trust Anchors and Keys

The Root Key Signing Key acts as the trust anchor for DNSSEC for the Domain Name System. This trust anchor is configured in DNSSEC-aware resolvers to facilitate validation of DNS data.

Root Zone Trust Anchor

File Description
root-anchors.xml DNS Root Trust Anchors
Updated 2018-12-20
root-anchors.p7s Signature to verify the DNS Root Trust Anchors file (S/MIME)
icannbundle.pem Additional ICANN certificates for validating S/MIME signature

Note: Publication of a PGP signature for verification of the root anchors file has been discontinued in favour of S/MIME validation.


Attested output of
2010-06-16 KSK generation

Attested output of
2016-10-27 KSK generation