Trust Anchors and Keys
The Root Key Signing Key acts as the trust anchor for DNSSEC for the Domain Name System. This trust anchor is configured in DNSSEC-aware resolvers to facilitate validation of DNS data.
Root Zone Trust Anchor
| File | Description |
|---|---|
| root-anchors.xml | DNS Root Trust Anchors (updated 2018-12-20) |
| root-anchors.p7s | Signature to verify the DNS Root Trust Anchors file (S/MIME) |
| icannbundle.pem | Additional ICANN certificates for validating the S/MIME signature |
Note: Publication of a PGP signature for verification of the root anchors file has been discontinued in favour of S/MIME validation.
Resources
- DNSSEC Trust Anchor Publication for the Root Zone (RFC 7958). A detailed description of these files and mechanisms for updating the trust anchor.
- get-trust-anchor Tool. A stand-alone tool to retrieve the root trust anchors and verify their accuracy.