Module domain::base::opt::keytag

source ·
Expand description

EDNS options to signal the trust anchor key used in DNSSEC validation.

The option in this module – KeyTag – is used by validating resolvers when querying for DNSKEY records to indicate the key tags of the trust anchor keys they will be using when validating responses. This is intended as a means to monitor key uses during root key rollovers.

The option is defined in RFC 8145 along with detailed rules for who includes this option when.

Structs

  • Option data for the edns-key-tag option.
  • An iterator over the key tags in an edns-key-tags value.