It is important to roll cryptographic keys periodically to help protect them from compromise.
In this case, since this is the very first time the key has been changed since the DNS root was initially signed in 2010, it is also a test of the rollover process.
Since we have received 2 nameservers, we ask each of them whether they give authoritative answer.
You can change this according to your need) Now after hostname, you have to make domain name for your server.
While both keys are present, they will increase the size of some messages in the DNS.
Even after the 2010 key is removed, the messages will still be larger than they were before the key rollover was started, because the 2017 key is larger than the 2010 key.
The DNS root key is a cryptographic public-private key pair used for DNSSEC signing of the DNS root zone records.
The root zone key-signing key (KSK) serves as the anchor for the “chain of trust” that enables DNS resolvers to validate the authenticity of any signed data in the DNS.