DS records (Delegation Signer) are used to secure delegations (DNSSEC). A DS record with the name of the sub-delegated zone is placed in the parent zone along with the delegating NS Records. This DS record references a DNSKEY record in the sub-delegated zone.
DS records have the following components:
The DS Record has the following look in your DNS zone management page:
Host | Type | Points to: | TTL |
host.domain.com | DS | key_tag algorithm digest_type digest | 1 Hour |
So let us imagine that your parent DNS zone is already DNSSEC signed and hosted here. And you intend to delegate a subdomain of your root domain somewhere else. There is nothing wrong with that. But you will also need to sign the delegated subdomain zone in order to preserve the chain of trust for DNSSEC. This can be done by placing the signer DS record for your subdomain in your parent zone hosted here.
Go to your DNS zone management page and click on Add new record. For Type choose DS and type as follows:
ClouDNS provides full support for DS records for all our DNS services, including the listed below. Just write to our technical support, if you need any assistance with your DS records configuration. Our Technical Support team is online for you 24/7 via live chat and tickets.
Question: Can I add a DS record for a subdomain, if there are already other records for the same hostname, such as A, MX, TXT, etc.?
Answer: No, you can't. First and foremost, in order for you to be able to add a DS record for your subdomain, the delegation part of your subdomain must be in action. In simple words, the relevant NS records for your subdomain, the "delegators" so to say, must be added first. And to add the NS records, there must be no other records for that particular hostname.