Resource records (RRs) are defined to associate keys with DNS names. This permits the DNS to be used as a public key distribution mechanism in support of DNS data origin authentication and other security services.
The syntax of a KEY resource record (RR) is described in Section 3. It includes an algorithm identifier, the actual public key parameters, and a variety of flags including those indicating the type of entity the key is associated with and/or asserting that there is no key associated with that entity.
Under conditions described in Section 3.7, security-aware DNS servers will automatically attempt to return KEY resources as additional information, along with those resource records actually requested, to minimize the number of queries needed.
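As an added illustration (not part of the original text) of the KEY RR fields listed above, the parser below decodes KEY RDATA and checks that the "no key" assertion and the presence of key material agree; the wire layout (2-octet flags, 1-octet protocol, 1-octet algorithm, then the key) and the bit positions of the A/C and NAMTYP flag fields are assumed to follow RFC 2535 Section 3.1, and the sample records are constructed. Note that KEY was later replaced by DNSKEY (RFC 4034), so this is historical format.

```python
import struct
from dataclasses import dataclass

# Flag fields per RFC 2535 Section 3.1.2 (assumed; not stated on this page).
# DNS numbers bit 0 as the most significant bit of the 16-bit flags word.
AC_NO_KEY = 0b11                 # A/C field (bits 0-1) == 11 asserts "no key"
NAME_TYPES = {0: "user", 1: "zone", 2: "host/entity", 3: "reserved"}  # bits 6-7

@dataclass
class KeyRR:
    flags: int
    protocol: int
    algorithm: int
    public_key: bytes

    @property
    def no_key(self) -> bool:
        return (self.flags >> 14) & 0b11 == AC_NO_KEY

    @property
    def name_type(self) -> str:
        return NAME_TYPES[(self.flags >> 8) & 0b11]

def parse_key_rdata(rdata: bytes) -> KeyRR:
    """Decode KEY RDATA and reject records whose flags contradict their body."""
    if len(rdata) < 4:
        raise ValueError("KEY RDATA shorter than the fixed 4-octet header")
    flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
    rr = KeyRR(flags, protocol, algorithm, rdata[4:])
    # A "no key" assertion must not carry key bytes, and a real key must carry some;
    # accepting either mismatch lets a resolver be fed an inconsistent record.
    if rr.no_key and rr.public_key:
        raise ValueError("flags assert 'no key' but key material is present")
    if not rr.no_key and not rr.public_key:
        raise ValueError("key material missing but flags do not assert 'no key'")
    return rr

def is_well_formed(rdata: bytes) -> bool:
    try:
        parse_key_rdata(rdata)
        return True
    except ValueError:
        return False

# Constructed samples: a zone key (NAMTYP=01) with dummy key bytes, and a
# "no key" assertion (A/C=11, NAMTYP=01) for the same entity. Protocol 3 and
# algorithm 3 are the RFC 2535 DNSSEC / DSA values (assumed, for illustration).
SAMPLE_ZONE_KEY = struct.pack("!HBB", 0x0100, 3, 3) + bytes(range(1, 21))
SAMPLE_NO_KEY = struct.pack("!HBB", 0xC100, 3, 3)
SAMPLE_BAD = struct.pack("!HBB", 0xC100, 3, 3) + b"\x00\x01"   # no-key flag with key bytes
```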