Skip to main content
    EmailToolBox LogoEmailToolBox
    Home
    SuperTool

    All-in-one DNS and email testing tool

    MX Lookup

    Check mail exchange records

    Blacklists

    Monitor IP reputation

    DMARC

    Analyze DMARC policies

    Diagnostics

    Email delivery diagnostics

    Email Health

    Comprehensive email domain health

    DNS Lookup

    DNS record lookup tools

    Header Analyzer

    Email header analyzer

    All Tools

    Browse all available tools

    Super ToolsBlacklistsEmail HealthGuides
    All Tools

    DS Lookup

    Query DS records to verify DNSSEC delegation and chain of trust

    DS (Delegation Signer) records establish a chain of trust in DNSSEC by containing hashes of DNSKEY records from child zones. They are stored in the parent zone.
    Domain Lookup
    Enter a domain name to query its DS records
    DS Records
    Delegation Signer records establishing chain of trust

    Related Tools

    MX Lookup
    Check mail servers
    Blacklist Checker
    Check IP reputation
    DNS Lookup
    DNS record queries
    SPF Checker
    Validate SPF records
    DMARC Analyzer
    Analyze DMARC policies
    Header Analyzer
    Analyze email headers
    DKIM Checker
    Verify DKIM signatures
    WHOIS Lookup
    Domain registration info
    SMTP Test
    Test SMTP connectivity
    SSL Certificate
    Check SSL certificates
    DNS Propagation
    Check DNS propagation
    Ping Test
    Test network connectivity
    Traceroute
    Trace network path
    Subnet Calculator
    Calculate IP subnets
    What Is My IP
    Check your IP address

    Need Help?

    Our tools are designed to be intuitive, but if you need assistance, we're here to help.

    DocumentationContact Support

    About Our Tools

    Professional-grade email and DNS diagnostic tools trusted by IT professionals worldwide.

    Free to UseNo RegistrationReal-time Results
    EmailToolBox LogoEmailToolBox

    Professional email testing platform for developers, administrators, and marketers.

    Tools

    • MX Lookup
    • SPF Checker
    • DKIM Checker
    • DMARC Analyzer

    Resources

    • Email Guides
    • API Documentation
    • Blog
    • FAQ

    Support

    • Contact Us
    • Help Center
    • Privacy Policy
    • Terms of Service

    © 2026 EmailToolBox. All rights reserved.

    EmailToolBox LogoEmailToolBox
    Home
    SuperTool

    All-in-one DNS and email testing tool

    MX Lookup

    Check mail exchange records

    Blacklists

    Monitor IP reputation

    DMARC

    Analyze DMARC policies

    Diagnostics

    Email delivery diagnostics

    Email Health

    Comprehensive email domain health

    DNS Lookup

    DNS record lookup tools

    Header Analyzer

    Email header analyzer

    All Tools

    Browse all available tools

    Super ToolsBlacklistsEmail HealthGuides
    All Tools

    DS Lookup

    Query DS records to verify DNSSEC delegation and chain of trust

    DS (Delegation Signer) records establish a chain of trust in DNSSEC by containing hashes of DNSKEY records from child zones. They are stored in the parent zone.
    Domain Lookup
    Enter a domain name to query its DS records

    Ready to Lookup DS Records

    Enter a domain name above to query its DS records and verify DNSSEC delegation.

    What you'll get:

    • Delegation Signer record details
    • Chain of trust validation
    • Algorithm and digest type analysis
    • Security recommendations
    What are DS Records?

    DS (Delegation Signer) records are DNS records that establish a chain of trust for DNSSEC (DNS Security Extensions). They are published in the parent zone and contain a cryptographic hash of a DNSKEY record from the child zone, enabling secure delegation and validation of DNS responses.

    Key Components:

    • Key Tag: A short numeric identifier for the DNSKEY record
    • Algorithm: The cryptographic algorithm used (e.g., RSA/SHA-256, ECDSA)
    • Digest Type: The hash algorithm used to create the digest (SHA-1, SHA-256, etc.)
    • Digest: The cryptographic hash of the DNSKEY record

    How DS Records Work:

    1. The child zone generates DNSKEY records and signs its zone data
    2. A DS record is created containing a hash of the child's DNSKEY
    3. The DS record is published in the parent zone and signed by the parent
    4. Resolvers can verify the chain of trust from parent to child
    5. This enables end-to-end validation of DNS responses

    Related Tools

    MX Lookup
    Check mail servers
    Blacklist Checker
    Check IP reputation
    DNS Lookup
    DNS record queries
    SPF Checker
    Validate SPF records
    DMARC Analyzer
    Analyze DMARC policies
    Header Analyzer
    Analyze email headers
    DKIM Checker
    Verify DKIM signatures
    WHOIS Lookup
    Domain registration info
    SMTP Test
    Test SMTP connectivity
    SSL Certificate
    Check SSL certificates
    DNS Propagation
    Check DNS propagation
    Ping Test
    Test network connectivity
    Traceroute
    Trace network path
    Subnet Calculator
    Calculate IP subnets
    What Is My IP
    Check your IP address

    Need Help?

    Our tools are designed to be intuitive, but if you need assistance, we're here to help.

    DocumentationContact Support

    About Our Tools

    Professional-grade email and DNS diagnostic tools trusted by IT professionals worldwide.

    Free to UseNo RegistrationReal-time Results
    EmailToolBox LogoEmailToolBox

    Professional email testing platform for developers, administrators, and marketers.

    Tools

    • MX Lookup
    • SPF Checker
    • DKIM Checker
    • DMARC Analyzer

    Resources

    • Email Guides
    • API Documentation
    • Blog
    • FAQ

    Support

    • Contact Us
    • Help Center
    • Privacy Policy
    • Terms of Service

    © 2026 EmailToolBox. All rights reserved.