This guide contains the following sections.

Section 1. Introduction to the Step-By-Step Guide.

Section 2. Describes the configuration required before the DNSSEC-Tools utilities may be used.

Section 3. Describes how to perform an initial signing of a zone.

Section 4. Provides the steps required to configure a name server to serve a signed zone.

Section 5. Gives information on checking for expiration of a zone's signatures.

Section 6. Describes how to re-sign a previously signed zone.

Section 7. Provides the commands required for a child zone to create a signed delegation.

Section 8. Gives the commands required for a parent zone to create a signed delegation.

Section 9. Describes the Pre-Publish Scheme, which is used in rollover operations of ZSK keys.

Section 10. Provides the Double-Signature Scheme, which is used in rollover operations of KSK keys.

Section 11. Gives the emergency rollover procedures to take in the event of a ZSK key compromise.

Section 12. Describes the emergency rollover procedures to take in the event of a Published ZSK key compromise.

Section 13. Provides the emergency rollover procedures to take in the event that both the Published and Current ZSK keys are compromised.

Section 14. Gives the emergency rollover procedures to take if the KSK key is compromised.

Section 15. Describes the actions a parent zone must take when a child zone's KSK key is compromised.

Section 16. Provides a migration path for moving to using the DNSSEC-Tools toolset.

Section 17. Gives information on configuring a secure resolver.