Final answer:
Upon signing a DNS zone with DNSSEC, new records such as the Key Signing Key (KSK), Zone Signing Key (ZSK), and DNSSEC Resource Records like RRSIG, DNSKEY, DS, and NSEC/NSEC3 are created for securing the domain name lookup process.
Step-by-step explanation:
When a DNS zone is signed with DNSSEC (Domain Name System Security Extensions), several new types of resource records are created. These resource records are essential to the DNSSEC protocol for providing security features to prevent attackers from supplying forged DNS data.
The new records created once a zone is signed include the Key Signing Key (KSK) and the Zone Signing Key (ZSK). In addition, although it is not considered a 'new' record per se, the concept of a Trust Anchor, which is a known correct DNSSEC key for starting the chain of trust, is critical in the DNSSEC validation process. The DNSSEC Resource Records themselves include types such as RRSIG (Resource Record Signature), DNSKEY (DNS Public Key), DS (Delegation Signer), and NSEC/NSEC3 (Next Secure Record).