Hello,
Usually DNSSEC should use ZSK to sign zone record rather than directly use KSK, and ZSK is easier to frequently update, DNS providers like cloudflare usually use ZSK to sign as well
Hello,
Usually DNSSEC should use ZSK to sign zone record rather than directly use KSK, and ZSK is easier to frequently update, DNS providers like cloudflare usually use ZSK to sign as well