
RFC 4035 dnssec zone apex term


I'm reading RFC 4035, which has to do with DNSSEC, and there's a term which is causing me trouble to get, which is the following: Zone Apex. Perhaps I sound like a rookie, but every help on this is very welcome. Thanks!!


Solution

  • If you have a zone foo.bar.com, there are two places that have records for the exact name foo.bar.com: the zone's own name servers, and the parent zone's name servers. The first of those is in the zone itself, and referred to as the "zone apex". The other one is in the parent zone (sort of).

    These two places with the same name have overlapping but not identical information in them. The parent zone has NS and DS records for foo.bar.com. The zone apex has NS, SOA, DNSKEY and RRSIG records for foo.bar.com. In the context of DNSSEC, the distinction between them is quite important, since it is between the parent zone's information and the zone apex that the cryptographic validation of the delegation happens.

    If you want a much more long-winded attempt to explain this, you can have a look here.
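The delegation check the answer refers to, comparing the parent's DS record with the DNSKEY at the child's zone apex, as an added Python example that is not part of the original answer. Names and key bytes are constructed for illustration; the key tag follows RFC 4034 Appendix B and the DS digest is SHA-256 over the canonical owner name plus DNSKEY RDATA (RFC 4034 §5.1.4, RFC 4509).

```python
import hashlib
import struct

# Constructed example: a toy DNSKEY at the apex of foo.bar.com and the DS
# record the parent zone (bar.com) would publish to authenticate it.

def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name (RFC 4034 section 6.2): lowercase labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, pubkey: bytes) -> bytes:
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key bytes."""
    return struct.pack("!HBB", flags, 3, algorithm) + pubkey

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def ds_digest(owner: str, rdata: bytes, digest_type: int = 2) -> bytes:
    """DS digest = hash(canonical owner name || DNSKEY RDATA); type 2 is SHA-256."""
    h = {1: hashlib.sha1, 2: hashlib.sha256}[digest_type]
    return h(name_to_wire(owner) + rdata).digest()

def make_ds(owner: str, rdata: bytes, digest_type: int = 2):
    """The DS record the parent publishes: (key tag, algorithm, digest type, digest)."""
    return (key_tag(rdata), rdata[3], digest_type, ds_digest(owner, rdata, digest_type))

def delegation_matches(owner, parent_ds, apex_dnskeys) -> bool:
    """True if some DNSKEY at the apex is authenticated by a DS in the parent:
    key tag, algorithm and digest must all agree (RFC 4035 section 5.2)."""
    for tag, alg, dtype, digest in parent_ds:
        for flags, kalg, pub in apex_dnskeys:
            rdata = dnskey_rdata(flags, kalg, pub)
            if (kalg == alg and key_tag(rdata) == tag
                    and ds_digest(owner, rdata, dtype) == digest):
                return True
    return False

# Constructed KSK: flags 257 (ZONE + SEP), algorithm 8 (RSASHA256), toy key bytes.
APEX_KSK = (257, 8, b"\x01\x02\x03\x04")
APEX_DNSKEYS = [APEX_KSK]
PARENT_DS = [make_ds("foo.bar.com.", dnskey_rdata(*APEX_KSK))]
```

A real validator would also verify the RRSIG over the apex DNSKEY RRset with the matched key; this block only shows the DS-to-DNSKEY link that ties the parent's data to the zone apex.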