diff --git a/service.go b/service.go
index a0cc3c6..7225cdb 100644
--- a/service.go
+++ b/service.go
@@ -38,10 +38,13 @@ type NameRecords struct {
 }
 
 type ResolveAllResult struct {
-	A    []string `json:"a"`
-	AAAA []string `json:"aaaa"`
-	TXT  []string `json:"txt"`
-	NS   []string `json:"ns"`
+	A      []string `json:"a"`
+	AAAA   []string `json:"aaaa"`
+	TXT    []string `json:"txt"`
+	NS     []string `json:"ns"`
+	DS     []string `json:"ds,omitempty"`
+	DNSKEY []string `json:"dnskey,omitempty"`
+	RRSIG  []string `json:"rrsig,omitempty"`
 }
 
 type ResolveAddressResult struct {
@@ -958,10 +961,13 @@ func (service *Service) findRecord(name string) (NameRecords, bool) {
 
 func resolveResult(record NameRecords) ResolveAllResult {
 	return ResolveAllResult{
-		A:    cloneStrings(record.A),
-		AAAA: cloneStrings(record.AAAA),
-		TXT:  cloneStrings(record.TXT),
-		NS:   cloneStrings(record.NS),
+		A:      cloneStrings(record.A),
+		AAAA:   cloneStrings(record.AAAA),
+		TXT:    cloneStrings(record.TXT),
+		NS:     cloneStrings(record.NS),
+		DS:     cloneStrings(record.DS),
+		DNSKEY: cloneStrings(record.DNSKEY),
+		RRSIG:  cloneStrings(record.RRSIG),
 	}
 }
 
diff --git a/service_test.go b/service_test.go
index 3a3f1c8..aca9374 100644
--- a/service_test.go
+++ b/service_test.go
@@ -2177,6 +2177,36 @@ func TestServiceResolveAllReturnsEmptyArraysForMissingName(t *testing.T) {
 	}
 }
 
+func TestServiceResolveAllIncludesDNSSECRecords(t *testing.T) {
+	service := NewService(ServiceOptions{
+		Records: map[string]NameRecords{
+			"gateway.charon.lthn": {
+				A:      []string{"10.10.10.10"},
+				DS:     []string{"60485 8 2 A1B2C3D4E5F60718293A4B5C6D7E8F9012345678"},
+				DNSKEY: []string{"257 3 13 AA=="},
+				RRSIG:  []string{"A 8 2 3600 20260101000000 20250101000000 12345 gateway.charon.lthn. AA=="},
+			},
+		},
+	})
+
+	result, ok := service.ResolveAll("gateway.charon.lthn")
+	if !ok {
+		t.Fatal("expected dnssec record to resolve")
+	}
+	if len(result.A) != 1 || result.A[0] != "10.10.10.10" {
+		t.Fatalf("unexpected A records in dns.resolve.all payload: %#v", result.A)
+	}
+	if len(result.DS) != 1 || result.DS[0] != "60485 8 2 A1B2C3D4E5F60718293A4B5C6D7E8F9012345678" {
+		t.Fatalf("expected DS payload in resolve.all, got %#v", result.DS)
+	}
+	if len(result.DNSKEY) != 1 || result.DNSKEY[0] != "257 3 13 AA==" {
+		t.Fatalf("expected DNSKEY payload in resolve.all, got %#v", result.DNSKEY)
+	}
+	if len(result.RRSIG) != 1 || result.RRSIG[0] != "A 8 2 3600 20260101000000 20250101000000 12345 gateway.charon.lthn. AA==" {
+		t.Fatalf("expected RRSIG payload in resolve.all, got %#v", result.RRSIG)
+	}
+}
+
 func TestServiceServeReturnsNXDOMAINWhenMissing(t *testing.T) {
 	service := NewService(ServiceOptions{})