Adding and Removing DS Records

Table of Contents


DS (Delegation Signer) records are used in DNSSEC to secure your domain.

Adding a DS record

DS records can only be manually added for domains not registered with DNSimple. For domains registered at DNSimple, DS records are automatically handled when DNSSEC is enabled.

  1. Use the account switcher at the top of the page to select the appropriate account.

  2. From your Domain Names list, click the domain name to access its management page.

  3. Click the DNSSEC tab on the left.

  4. Click Manage in the DS Records card.

  5. On the DS Records page, click Add DS Record.

The form fields that appear will depend on the domain’s TLD. The system will show either the DS-Data or KEY-Data interface automatically.
screenshot: add ds record

Adding a DS record using the DS-Data interface

  1. Enter the DS record information.

    Add DS Record with DS Data

    • Algorithm: the algorithm used to generate the signature.

    • Keytag: a numerical value that identifies the referenced DNSKEY record.

    • Digest Type: the type of algorithm used to create the digest.

    • Digest: the hash value of the DNSKEY record, in hexadecimal format.

  2. Click Add DS Record to create the record.

  3. The record is created and visible in the record list.

Adding a DS record using the KEY-Data interface

  1. Enter the DS record information. The Flags and Protocol form fields will be pre-filled with the appropriate values.

    Add DS Record with Key Data

    • Algorithm: the algorithm used to generate the signature.

    • Public Key: public key of the Key-signing key of your zone signing configuration.

  2. Click Add DS Record to create the record.

  3. The record is created and visible in the record list.

To add a DS record with the DNSSEC API, check out our developer documentation.

Removing a DS record

Important

You can only manually remove a DS record if it is not managed by DNSimple. If DNSSEC is enabled and managed by DNSimple, the only way to remove the DS record is by disabling DNSSEC.

  1. Use the account switcher at the top of the page to select the appropriate account.

  2. From your Domain Names list, click the domain name to access its management page.

  3. Click the DNSSEC tab on the left.

  4. Click Manage in the DS Records card.

  5. On the DS records page, search for the record, and click the trash icon to delete it.

    screenshot: Delete DS Record

  6. Click Delete to delete the record.

    screenshot: Showing confirmation prior to deleting DS record

  7. The record is deleted and no longer visible in the record list.

To remove a DS record with the DNSSEC API, check out our developer documentation.

Have more questions?

If you have any questions or need help managing your DS records, just contact support, and we’ll assist you.