The Delegation Signer or DS Record shows that a DNS Zone is digitally signed, it is used to identify the DNSSEC signing key of a delegated zone. The DS record is part of the DNSSEC setup of a DNS zone.
The form contains the following fields:
• Hostname: The name that this record describes. Wildcard values such as * or *.sub are supported, and this field can contain an FQDN or just a hostname. If you specify an FQDN, the name must end with a dot; if you specify just a hostname, it must not end with a dot.
Examples:
- foo
- foo.example.com.
- www
- example.com.
- You can also leave the field empty which has the same meaning as if you'd fill in example.com.
• Data: The data of a DS Records consists of the following fields, separated by a whitespace:
- Key Tag
- Algorithm
- Digest Type
- Digest
- Example for the data field:
65061 7 1 0046B55D9FB10CE8C8F8ED1DC1D338044E27BFAB
• TTL: The time interval (in seconds) that this record may be cached before the source of the information should again be consulted. Zero values are interpreted to mean that the record can only be used for the transaction in progress, and should not be cached.
• Active: This defines whether this HINFO record is active or not.
