How ENS-integration makes DNSSEC redundant


Is there more to this claim than the DNS registry simply signing the ENS record with its public key?

I understand how this would verify the integrity of the record, but I don’t see how this would verify the integrity of I suppose in the record for it would say which public key is permitted to create the records *, and then the record is signed with some key, and then we only accept the domain if everything matches all the way up?


Hi Virgil!
From what I gather it is very much like what you outline. DNSSEC provides Delegation Signer (DS) records for parent domains which can be used to verify a DNSKEY record in a subdomain, which can then contain other DS records to verify further subdomains. These can be checked recursively up to the parent domain if needed. Would ENS check the DS and DNSKEY records at the DNS root?
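
The DS-to-DNSKEY link described in the reply above, as an added example that is not part of the original thread and does not represent how ENS implements it. It checks only the hash link (SHA-256 DS digest and key tag per RFC 4034) from a trust anchor down through constructed zones; a full validator must also verify the RRSIG signatures over each DS and DNSKEY set. The zone names, keys and helper names are all constructed for illustration.

```python
import hashlib
import struct

def wire_name(name: str) -> bytes:
    """Canonical (lowercased) DNS wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes) | protocol = 3 | algorithm | public key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA, RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner: str, rdata: bytes) -> dict:
    """DS a parent zone would publish: SHA-256 (digest type 2) over owner | RDATA."""
    digest = hashlib.sha256(wire_name(owner) + rdata).digest()
    return {"key_tag": key_tag(rdata), "algorithm": rdata[3],
            "digest_type": 2, "digest": digest}

def ds_matches(ds: dict, owner: str, rdata: bytes) -> bool:
    """True if the parent's DS record commits to exactly this child DNSKEY."""
    return ds["digest_type"] == 2 and ds == make_ds(owner, rdata)

def validate_chain(anchor_ds, zones):
    """Walk from the root down; return the deepest zone name linked to the anchor."""
    ds, verified = anchor_ds, None
    for zone in zones:
        if ds is None or not ds_matches(ds, zone["name"], zone["dnskey"]):
            break
        verified, ds = zone["name"], zone.get("child_ds")
    return verified

# Constructed sample keys (algorithm 13, flags 257); not real DNS data.
ROOT_KEY = dnskey_rdata(257, 13, b"\x01" * 64)
TLD_KEY = dnskey_rdata(257, 13, b"\x02" * 64)
SLD_KEY = dnskey_rdata(257, 13, b"\x03" * 64)
ANCHOR = make_ds(".", ROOT_KEY)
ZONES = [
    {"name": ".", "dnskey": ROOT_KEY, "child_ds": make_ds("test.", TLD_KEY)},
    {"name": "test.", "dnskey": TLD_KEY, "child_ds": make_ds("example.test.", SLD_KEY)},
    {"name": "example.test.", "dnskey": SLD_KEY},
]

if __name__ == "__main__":
    print(validate_chain(ANCHOR, ZONES))
```

A substituted key at any level stops the walk at the last zone whose DNSKEY still matches its parent's DS, which is why the trust anchor at the root matters.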