DS-records are used to secure delegations (DNSSEC).

A DS-record with the name of the sub-delegated zone is placed in the parent zone along with the delegating NS-records.

This DS-record references a DNSKEY-record in the sub-delegated zone.

 

DS-records have the following data elements:

- Key Tag: A short numeric value which can help quickly identify the referenced DNSKEY-record.

- Algorithm: The algorithm of the referenced DNSKEY-record.

- Digest Type: Cryptographic hash algorithm used to create the Digest value.

- Digest: A cryptographic hash value of the referenced DNSKEY-record.

 

To create a new DS-record, right-click a zone in the left list of DNS Records window, and select "Other new record" from the pop-up menu.

 

This record type is defined in RFC4034.