▶
What are the Root KSK and the Trust Anchor?
If you run a validating resolver, you’re relying on the root trust anchor we maintain at IANA.
You may have heard of it as the root Key Signing Key — or KSK — and it is a fundamental configuration item for DNSSEC as it is the starting point for the entire cryptographic chain of trust.
Your resolver uses that trust anchor to verify DNS responses, making sure the data hasn’t been altered since it came from the authoritative source.
Resolver operators and software that perform DNSSEC validation depend on the root trust anchor being up-to-date to ensure the DNS remains globally consistent and secure.
