DNSSEC Validator
Enter a domain name to validate DNSSEC via Google DNS-over-HTTPS

DNSSEC Validator — Check DNSSEC Online

This tool checks the presence and validity of DNSSEC for any domain via Google DNS-over-HTTPS (DoH) with the DO (DNSSEC OK) flag. It verifies DNSKEY, DS records, RRSIG signatures, and the AD flag in the response.

What is DNSSEC?

DNSSEC (DNS Security Extensions) is a set of DNS extensions that add cryptographic signatures to DNS records. This protects against DNS response forgery (DNS cache poisoning and man-in-the-middle attacks).

DNSSEC Components

Chain of Trust

DNSSEC uses a hierarchical chain: from the root zone (.) through the TLD (.com, .io) down to the domain's DNS zone. If any link in the chain is missing, DNSSEC validation fails.

Why DNSSEC Matters

Frequently Asked Questions