DS Lookup
Query DS records to verify DNSSEC delegation and chain of trust
DS (Delegation Signer) records establish a chain of trust in DNSSEC by containing hashes of DNSKEY records from child zones. They are stored in the parent zone.
Domain Lookup
Enter a domain name to query its DS records
Ready to Lookup DS Records
Enter a domain name above to query its DS records and verify DNSSEC delegation.
What you'll get:
- Delegation Signer record details
- Chain of trust validation
- Algorithm and digest type analysis
- Security recommendations
What are DS Records?
DS (Delegation Signer) records are DNS records that establish a chain of trust for DNSSEC (DNS Security Extensions). They are published in the parent zone and contain a cryptographic hash of a DNSKEY record from the child zone, enabling secure delegation and validation of DNS responses.
Key Components:
- Key Tag: A short numeric identifier for the DNSKEY record
- Algorithm: The cryptographic algorithm used (e.g., RSA/SHA-256, ECDSA)
- Digest Type: The hash algorithm used to create the digest (SHA-1, SHA-256, etc.)
- Digest: The cryptographic hash of the DNSKEY record
How DS Records Work:
- The child zone generates DNSKEY records and signs its zone data
- A DS record is created containing a hash of the child's DNSKEY
- The DS record is published in the parent zone and signed by the parent
- Resolvers can verify the chain of trust from parent to child
- This enables end-to-end validation of DNS responses
Related Tools
MX Lookup
Check mail servers
Blacklist Checker
Check IP reputation
DNS Lookup
DNS record queries
SPF Checker
Validate SPF records
DMARC Analyzer
Analyze DMARC policies
Header Analyzer
Analyze email headers
DKIM Checker
Verify DKIM signatures
WHOIS Lookup
Domain registration info
SMTP Test
Test SMTP connectivity
SSL Certificate
Check SSL certificates
DNS Propagation
Check DNS propagation
Ping Test
Test network connectivity
Traceroute
Trace network path
Subnet Calculator
Calculate IP subnets
What Is My IP
Check your IP address
Need Help?
Our tools are designed to be intuitive, but if you need assistance, we're here to help.
About Our Tools
Professional-grade email and DNS diagnostic tools trusted by IT professionals worldwide.
Free to UseNo RegistrationReal-time Results