DS Record

DS records (Delegation Signer) are used to secure delegations (DNSSEC). A DS record with the name of the sub-delegated zone is placed in the parent zone along with the delegating NS Records. This DS record references a DNSKEY record in the sub-delegated zone.

DS records have the following components:

  • Key Tag:  Contains the tag value of the DNSKEY Resource Record that validates this signature.
  • Algorithm: Identifies the algorithm used to produce a legitimate signature.
  • Digest Type: Identifies the algorithm used to construct the digest.
  • Digest: A cryptographic hash value of the referenced DNSKEY Record.

The DS record has the following look in your DNS zone management page:

Host Type Points to: TTL
host.domain.com DS key_tag algorithm digest_type digest 1 Hour

How to add it?

Go to your DNS zone management page and click on Add new record. For Type choose DS and type as follows:

  • Type: DS
  • TTL: 1 Hour
  • Host: host (You can not add a DS record for the root domain.) Please note that you need to have NS records for this host to be able to add DS records for it.
  • Key Tag: It specifies the short numeric value which can help quickly identify the referenced DNSKEY record.
  • Algorithm: It specifies the algorithm of the referenced DNSKEY record.
  • Digest Type: (1) SHA-1, (2) SHA-256, (3) GOST R 34.11-94, (4) SHA-384. It specifies the cryptographic hash algorithm used to create the Digest value.
  • Points to: This is the Digest. It specifies a cryptographic hash value of the referenced DNSKEY Record.

Cookies help us deliver our services. By using our services, you agree to our use of cookies. Learn more