# What is a DNS CERT record?

## dE_logics

I did search on the internet and only got 2 things - 

1) The corresponding RFC

2) Using GnuPG with CERT records.

So this kind of response is supposed to publish certificates? As a form of DNS RR (over UDP)? And the response ain't even signed?

What about the request? Suppose I want a certificate X; so how do I uniquely identify X?

----------

## wswartzendruber

I'm guessing this is supposed to go hand-in-hand with DNSSEC, which will sign the return.  I'm also guessing that a single domain can have multiple CERT records.

----------

## dE_logics

Yes, DNSSEC can sign any response for that matter.

Now we can assure that CERT records are hardly used.

----------

## wswartzendruber

I think it's probably like IPv6.  The protocols and implementations are there, but it hasn't seen widespread usage yet.  I think this won't be commonplace until DNSSEC is common.

----------
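Added example, not part of any post in this thread: a parser for the CERT RDATA layout defined in RFC 4398 (16-bit certificate type, 16-bit key tag, 8-bit algorithm, then the certificate bytes), plus a selector that picks one certificate out of a multi-record RRset by a SHA-256 fingerprint obtained out of band, so an unsigned answer is never the trust anchor. The function names and the sample RRset are constructed for illustration.

```python
import hashlib
import struct
from dataclasses import dataclass

# Certificate type mnemonics from RFC 4398, section 2.1.
CERT_TYPES = {1: "PKIX", 2: "SPKI", 3: "PGP", 4: "IPKIX", 5: "ISPKI",
              6: "IPGP", 7: "ACPKIX", 8: "IACPKIX", 253: "URI", 254: "OID"}
RESERVED_TYPES = {0, 255, 65535}


@dataclass
class CertRdata:
    cert_type: str   # mnemonic, or TYPE<n> for unassigned values
    key_tag: int     # 16-bit hint, same computation as DNSSEC key tags; not unique
    algorithm: int   # DNSSEC algorithm number; 0 = unknown or not applicable
    data: bytes      # certificate, CRL, or URL/fingerprint payload


def parse_cert_rdata(rdata: bytes) -> CertRdata:
    """Decode the wire-format RDATA of one CERT record."""
    if len(rdata) < 5:
        raise ValueError("CERT RDATA shorter than the fixed 5-byte header")
    ctype, key_tag, alg = struct.unpack("!HHB", rdata[:5])
    if ctype in RESERVED_TYPES:
        raise ValueError(f"reserved certificate type {ctype}")
    name = CERT_TYPES.get(ctype, f"TYPE{ctype}")
    return CertRdata(name, key_tag, alg, rdata[5:])


def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pick_certificate(rrset, cert_type, pinned_sha256):
    """Return the record of the wanted type whose payload matches a
    fingerprint learned out of band; None when nothing matches."""
    for raw in rrset:
        rec = parse_cert_rdata(raw)
        if rec.cert_type == cert_type and fingerprint(rec.data) == pinned_sha256:
            return rec
    return None


# Constructed sample RRset: one owner name carrying two CERT records.
SAMPLE_RRSET = [
    struct.pack("!HHB", 3, 0, 0) + b"constructed-openpgp-packet-A",
    struct.pack("!HHB", 1, 12345, 8) + b"constructed-x509-der-B",
]
```

The key tag only narrows the candidates, since it is a 16-bit value that can collide; the fingerprint comparison (or a validated DNSSEC signature over the RRset) is what actually identifies the certificate.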

