DNS lookup

Check domain DNSSEC configuration and validate chain of trust

Example: cloudflare.com · nic.cz · paypal.com · google.com
Instructions
What is DNSSEC?

DNSSEC (DNS Security Extensions) uses digital signatures to verify the authenticity of DNS responses, preventing DNS spoofing and cache poisoning attacks. It establishes a chain of trust from the root zone to the target domain, ensuring DNS data has not been tampered with.

Checks Performed
  • DNSKEY — Domain public key records
  • DS — Parent zone delegation signer records
  • RRSIG — Digital signatures for resource records
  • AD bit — Trusted resolver validation result
  • Root → TLD → Domain chain of trust