Skip to content

Instantly share code, notes, and snippets.

@jpmens
Created November 24, 2021 09:34
Show Gist options
  • Save jpmens/3ed71227ae8623fe45a06d5c48d5ec0a to your computer and use it in GitHub Desktop.
Save jpmens/3ed71227ae8623fe45a06d5c48d5ec0a to your computer and use it in GitHub Desktop.
DNSSEC chain of trust
| . (root)   |       | org.             |       | example.org.         |       | sub.example.org. |
| ---------- |       | ---------------- |       | -------------------- |       | ---------------- |
| SOA        |       | SOA              |       | SOA                  |       | SOA              |
| NS         |       | NS               |       | NS                   |       | NS               |
| DNSKEY     |   ┌── | DNSKEY           |   ┌── | DNSKEY               |   ┌── | DNSKEY           |
| DS (org)   | ──┘   | DS (example.org) | ──┘   | DS (sub.example.org) | ──┘   | AAAA             |

ASCII art by @mritzmann based on a diagram I made.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment