Route53Domains / Client / associate_delegation_signer_to_domain



Creates a delegation signer (DS) record in the registry zone for this domain name.

Note that creating DS record at the registry impacts DNSSEC validation of your DNS records. This action may render your domain name unavailable on the internet if the steps are completed in the wrong order, or with incorrect timing. For more information about DNSSEC signing, see Configuring DNSSEC signing in the Route 53 developer guide.

See also: AWS API Documentation

Request Syntax

response = client.associate_delegation_signer_to_domain(
        'Algorithm': 123,
        'Flags': 123,
        'PublicKey': 'string'
  • DomainName (string) –


    The name of the domain.

  • SigningAttributes (dict) –


    The information about a key, including the algorithm, public key-value, and flags.

    • Algorithm (integer) –

      Algorithm which was used to generate the digest from the public key.

    • Flags (integer) –

      Defines the type of key. It can be either a KSK (key-signing-key, value 257) or ZSK (zone-signing-key, value 256). Using KSK is always encouraged. Only use ZSK if your DNS provider isn’t Route 53 and you don’t have KSK available.

      If you have KSK and ZSK keys, always use KSK to create a delegations signer (DS) record. If you have ZSK keys only – use ZSK to create a DS record.

    • PublicKey (string) –

      The base64-encoded public key part of the key pair that is passed to the registry.

Return type:



Response Syntax

    'OperationId': 'string'

Response Structure

  • (dict) –

    • OperationId (string) –

      The identifier for tracking the progress of the request. To query the operation status, use GetOperationDetail.


  • Route53Domains.Client.exceptions.DuplicateRequest

  • Route53Domains.Client.exceptions.InvalidInput

  • Route53Domains.Client.exceptions.OperationLimitExceeded

  • Route53Domains.Client.exceptions.TLDRulesViolation

  • Route53Domains.Client.exceptions.UnsupportedTLD

  • Route53Domains.Client.exceptions.DnssecLimitExceeded