key.dns_resolver
resolves DNS keys for the kernel keyring
TLDR
Resolve DNS key
SYNOPSIS
key.dns_resolver [options] domain
DESCRIPTION
key.dns_resolver is a Linux kernel utility that resolves DNS security keys and stores them in the kernel keyring. It is primarily used for DNSSEC validation, fetching DNSKEY and DS records from DNS servers and making them available to kernel subsystems that need to verify the authenticity of DNS responses.
The tool operates as a helper program invoked by the kernel's key management facility (request-key) rather than being called directly by users in most cases. When the kernel needs a DNS key for authentication purposes, it triggers key.dns_resolver to perform the lookup and populate the keyring automatically. This mechanism supports DNS-based authentication of named entities (DANE) and other security protocols that rely on cryptographic keys published in DNS.
PARAMETERS
DOMAIN
Domain to resolve key for.
-t TYPE
Key type (DNSKEY, DS).
--help
Display help information.
CAVEATS
Kernel keyring integration. DNSSEC infrastructure required. Linux-specific.
HISTORY
key.dns_resolver is part of the Linux kernel keyring utilities, supporting DNS-based key resolution for DNSSEC.
SEE ALSO
keyctl(1), dig(1), dnssec-keygen(8)
