DNSSEC authenticates that DNS records originate from an authorized sender (DNS server) using private/public key cryptography. The main purpose of this is to protect DNS against falsified information (DNS spoofing).
An RRSIG-record holds a DNSSEC signature for a record set (one or more DNS records with the same name and type). Resolvers can verify the signature with a public key stored in a DNSKEY-record.
Overview
DNSSEC authenticates that DNS records originate from an authorized sender (DNS server) using private/public key cryptography. The main purpose of this is to protect DNS against falsified information (DNS spoofing).
DNSSEC is defined in
Support RRSIG-record
An RRSIG-record holds a DNSSEC signature for a record set (one or more DNS records with the same name and type). Resolvers can verify the signature with a public key stored in a DNSKEY-record.