Trust Anchors and Keys

The Root Key Signing Key acts as the trust anchor for DNSSEC for the Domain Name System. This trust anchor is configured in DNSSEC-aware resolvers to facilitate validation of DNS data. For a complete description of these files and mechanisms for updating the trust anchor, please review DNSSEC Trust Anchor Publication for the Root Zone.

File Description
root-anchors.xml DNS Root Trust Anchors (XML)
root-anchors.p7s DNS Root Trust Anchors (S/MIME Signature)
root-anchors.asc DNS Root Trust Anchors (PGP Signature)
     — icann.pgp PGP Key Ring
Used to share signatures used to sign the PGP signature above.
Kjqmt7v.crt DNS Root Key Signing Key generated 2010-06-26 (public key)
Kjqmt7v.csr Certificate Signing Request for KSK generated 2010-06-26
Published in PKCS#10 format to facilitate signing by public key infrastructure.
root-ksk-2010.pdf Attested copy of the result of the KSK generation script