DNSKEY Lookup
Query DNSKEY records to examine DNSSEC public keys and validation
DNSKEY records contain public keys used for DNSSEC validation. They include Key Signing Keys (KSK) for signing other keys and Zone Signing Keys (ZSK) for signing zone data.
Domain Lookup
Enter a domain name to query its DNSKEY records
Ready to Lookup DNSKEY Records
Enter a domain name above to query its DNSKEY records and examine DNSSEC configuration.
What you'll get:
- Public key information and algorithms
- Key Signing Keys (KSK) and Zone Signing Keys (ZSK)
- DNSSEC validation status
- Security recommendations
What are DNSKEY Records?
DNSKEY (DNS Public Key) records contain public keys used in DNSSEC (DNS Security Extensions) to authenticate DNS data and prevent DNS spoofing attacks. They are essential for establishing a chain of trust in the DNS hierarchy.
Key Components:
- Flags: Indicates the key type (256 for ZSK, 257 for KSK)
- Protocol: Always 3 for DNSSEC
- Algorithm: Cryptographic algorithm used (RSA, ECDSA, etc.)
- Public Key: The actual cryptographic public key data
Key Types:
KSKKey Signing Key
Used to sign other DNSKEY records and establish trust with the parent zone
ZSKZone Signing Key
Used to sign all other records in the DNS zone
Related Tools
MX Lookup
Check mail servers
Blacklist Checker
Check IP reputation
DNS Lookup
DNS record queries
SPF Checker
Validate SPF records
DMARC Analyzer
Analyze DMARC policies
Header Analyzer
Analyze email headers
DKIM Checker
Verify DKIM signatures
WHOIS Lookup
Domain registration info
SMTP Test
Test SMTP connectivity
SSL Certificate
Check SSL certificates
DNS Propagation
Check DNS propagation
Ping Test
Test network connectivity
Traceroute
Trace network path
Subnet Calculator
Calculate IP subnets
What Is My IP
Check your IP address
Need Help?
Our tools are designed to be intuitive, but if you need assistance, we're here to help.
About Our Tools
Professional-grade email and DNS diagnostic tools trusted by IT professionals worldwide.
Free to UseNo RegistrationReal-time Results