Ntxiv KASP (Key thiab Kos Npe Txoj Cai), ib txoj hauv kev yooj yim los tswj DNSSEC cov yuam sij thiab kos npe digital, raws li kev teeb tsa cov cai tau teev tseg siv "dnssec-policy" cov lus qhia. Cov lus qhia no tso cai rau koj los teeb tsa cov cim tshiab tsim nyog rau thaj chaw DNS thiab tsis siv neeg thov ZSK thiab KSK cov yuam sij.
Lub network subsystem tau raug kho dua tshiab thiab hloov mus rau qhov kev thov asynchronous txheej txheem ua raws li lub tsev qiv ntawv libuv.
Kev rov ua haujlwm tseem tsis tau ua rau muaj kev hloov pauv pom, tab sis hauv kev tshaj tawm yav tom ntej nws yuav muab lub sijhawm los siv qee qhov kev ua tau zoo tshaj plaws thiab ntxiv kev txhawb nqa rau cov txheej txheem tshiab xws li DNS dhau TLS.
Cov txheej txheem txhim kho rau kev tswj hwm DNSSEC kev ntseeg siab anchors (Trust anchor, pej xeem tus yuam sij khi rau ib cheeb tsam los xyuas qhov tseeb ntawm cheeb tsam no). Hloov chaw ntawm kev ntseeg siab-cov yuam sij thiab kev tswj hwm-cov yuam sij, uas tam sim no tsis lees paub, tsab ntawv qhia kev ntseeg siab tshiab tau raug thov uas tso cai rau koj tswj hwm ob hom yuam sij.
Thaum siv kev ntseeg siab-txiav nrog cov lus tseem ceeb thawj zaug, tus cwj pwm ntawm cov lus qhia no zoo ib yam rau cov yuam sij tswj, i.e. txhais cov kev ntseeg ruaj khov kho raws li RFC 5011. Thaum siv kev ntseeg siab-txheej txheem nrog cov lo lus tseem ceeb zoo li qub, tus cwj pwm sib raug rau cov lus qhia kev ntseeg siab, i.e. txhais tus yuam sij tsis tu ncua uas tsis tau hloov kho tshiab. Trust-anchors tseem muaj ob lo lus tseem ceeb ntxiv, pib-ds thiab zoo li qub-ds, uas tso cai rau koj siv kev ntseeg siab anchors hauv hom DS (Delegation Signer) es tsis txhob DNSKEY, uas ua rau nws muaj peev xwm los teeb tsa kev khi rau cov yuam sij uas tseem tsis tau luam tawm (lub koom haum IANA npaj yuav siv DS hom rau cov yuam sij hauv cheeb tsam yav tom ntej).