Assign this task
ADDITIONAL REQUIREMENT DETAIL
Every zone gets two pairs of keys: the Zone Signing Key (ZSK) and the Key Signing Key (KSK). It is common to generate those keys first. Then, the essential steps are:
- Sign the zone with your ZSK
- Sign the ZSK with your KSK
- Publish the fingerprint of the KSK in the DS record published in the parent zone (for example, when signing the
zone for example.bank, the DS record would be published in the .BANK zone, or in the .INSURANCE zone for example.insurance.)
- Must not implement obsolete (e.g., weak, experimental, poor) cryptographic algorithms in DNSSSEC.