DS-Records (Delegation Signer)

DS-records are used to secure delegations (DNSSEC).

A DS-record with the name of the sub-delegated zone is placed in the parent zone along with the delegating NS-records.

This DS-record references a DNSKEY-record in the sub-delegated zone.

DS-records have the following data elements:

  • Key Tag: A short numeric value which can help quickly identify the referenced DNSKEY-record.

  • Algorithm: The algorithm of the referenced DNSKEY-record.

  • Digest Type: Cryptographic hash algorithm used to create the Digest value.

  • Digest: A cryptographic hash value of the referenced DNSKEY-record.

To create a new DS-record, right-click a zone in the left list of DNS Records window, and select "Other new record" from the pop-up menu.

This record type is defined in RFC4034.

Be the first to comment on this page:
(Never published. Used for replies and to show your Gravatar icon. Never used for any other purpose.)