🛡️ DNSSEC Chain Validator
Verify the cryptographic integrity of your DNS infrastructure. This tool traces the Chain of Trust from the Root Zone (.) down to your specific domain, validating that parent Delegation Signer (DS) records correctly match child DNSKEYs.
Why Validate the DNSSEC Chain of Trust?
DNS Security Extensions (DNSSEC) protect your domain against cache poisoning and man-in-the-middle attacks by cryptographically signing DNS responses. However, a misconfigured key rollover can completely break resolution for your domain on validating resolvers, causing a global outage.
Key Rollover & Migration Warning: When migrating DNS providers or rotating keys at your registrar (like NIC), the Delegation Signer (DS) record in the parent zone must match the Key Signing Key (KSK) in your new zone. Running this tool before and after a migration lets you confirm that your domain remains securely resolvable.
This validator parses DNSKEY algorithms and computes Key Tags directly in your browser. It mimics the behavior of strict validating resolvers (like Google DNS or Cloudflare) to expose exactly where the chain might be broken: whether the zone is entirely unsigned, missing a parent DS, or suffering from a bogus signature mismatch.
Key Features:
- Traces full resolution path (Root ➔ TLD ➔ Domain).
- Client-side Key Tag computation for maximum transparency.
- Visualizes KSK (Key Signing Key) vs ZSK (Zone Signing Key) structures.
- Instant feedback on Secure, Insecure, or Bogus validation states.
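
The Key Tag computation and DS-to-DNSKEY matching described above, as an added JavaScript example that is not this tool's own code: it computes the RFC 4034 Appendix B key tag and pre-matches parent DS records to child DNSKEYs by key tag and algorithm. The function names, the result labels and the two short sample keys are constructed for illustration, and the DS digest and RRSIG checks that full validation requires are left out.

```javascript
// Added example: function names are hypothetical, sample keys are constructed.
// Decode base64 text to bytes (atob exists in browsers and in Node 16+).
function b64ToBytes(b64) {
  return Uint8Array.from(atob(b64.replace(/\s+/g, "")), (c) => c.charCodeAt(0));
}

// Key tag per RFC 4034 Appendix B: sum the RDATA as big-endian 16-bit words,
// fold the carry back in once, keep the low 16 bits.
function keyTag(rdata, algorithm) {
  if (algorithm === 1) { // RSA/MD5 special case (Appendix B.1)
    return (rdata[rdata.length - 3] << 8) | rdata[rdata.length - 2];
  }
  let ac = 0;
  for (let i = 0; i < rdata.length; i++) ac += (i & 1) ? rdata[i] : rdata[i] << 8;
  ac += (ac >> 16) & 0xffff;
  return ac & 0xffff;
}

// Parse DNSKEY RDATA in presentation form: "<flags> <protocol> <algorithm> <base64 key>".
function parseDnskey(text) {
  const [flagsTxt, protoTxt, algTxt, ...b64] = text.trim().split(/\s+/);
  const flags = Number(flagsTxt), protocol = Number(protoTxt), algorithm = Number(algTxt);
  // Wire-format RDATA: flags (2 bytes) | protocol | algorithm | public key
  const rdata = Uint8Array.from(
    [flags >> 8, flags & 0xff, protocol, algorithm, ...b64ToBytes(b64.join(""))]);
  return {
    flags, protocol, algorithm, rdata,
    zoneKey: (flags & 0x0100) !== 0,       // Zone Key bit: key may sign zone data
    role: (flags & 0x0001) ? "KSK" : "ZSK", // SEP bit marks a Key Signing Key
    keyTag: keyTag(rdata, algorithm),
  };
}

// Pre-match parent DS records to child DNSKEYs by key tag and algorithm.
// "candidate" is not proof: the DS digest must still equal the hash of the
// owner name plus the DNSKEY RDATA, and the DNSKEY RRset must be signed by that key.
function matchDs(dsSet, dnskeys) {
  if (dsSet.length === 0) return { state: "insecure", matches: [] }; // no DS at parent
  const matches = [];
  for (const ds of dsSet) {
    const key = dnskeys.find((k) => k.zoneKey && k.protocol === 3 &&
      k.keyTag === ds.keyTag && k.algorithm === ds.algorithm);
    if (key) matches.push({ ds, key });
  }
  return { state: matches.length ? "candidate" : "bogus", matches };
}

// Constructed sample DNSKEYs (a few bytes each, not usable RSA keys).
const SAMPLE_KEYS = ["257 3 8 AwEAAcJ7nU4R", "256 3 8 AwEAAaFfIDN8"].map(parseDnskey);
```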