root trust anchor
The authoritative key at the top of the chain of trust for the Domain Name System Security Extensions (DNSSEC). The authority of the root trust anchor is conferred through parameter settings on DNSSEC-aware resolvers. It is not derived from other keys.
The root trust anchor consists of a public-private key pair. The private key is used to sign the zone signing key (ZSK) for the root zone. DNSSEC-aware resolvers use the public key to verify the authenticity of data in the root zone.