Exchanging Keys with Sub- and Super-Zones

Other peoples' machines won't know that your zone's public key is accurate unless you have it signed by its superzone. (The superzone of e.g. "toad.com" is "com".) Similarly, if you have any sub-zones, you should get a public key from each of them, sign it, and return the signature to them.
Next page: How keying info gets used; Up: Domain Name System Security home page