When a DNS lookup is run, some resolvers (such as 1.1.1.1) return comments with additional information, such as warning about DNSSEC failures. We should expose these comments to the end user in the embed generated by the dig command.
curl -H "Accept: application/dns-json" https://cloudflare-dns.com/dns-query\?name\=yumi.dev
{"Status":2,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"yumi.dev","type":1}],"Comment":["EDE(9): DNSKEY Missing (no SEP matching the DS found for yumi.dev.)"]}
curl -H "Accept: application/dns-json" https://cloudflare-dns.com/dns-query\?name\=maven.yumi.dev\&cd\=true
{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":true,"Question":[{"name":"maven.yumi.dev","type":1}],"Answer":[{"name":"maven.yumi.dev","type":1,"TTL":300,"data":"104.21.73.112"},{"name":"maven.yumi.dev","type":1,"TTL":300,"data":"172.67.162.66"}],"Comment":["EDE(9): DNSKEY Missing (no SEP matching the DS found for yumi.dev.)"]}
curl -H "Accept: application/dns-json" https://dns.google/resolve\?name\=yumi.dev
{"Status":2,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"yumi.dev.","type":1}],"Comment":"DNSSEC validation failure. Check http://dnsviz.net/d/yumi.dev/dnssec/ and http://dnssec-debugger.verisignlabs.com/yumi.dev for errors"}
Note that Comment may be a string, or an array of strings, so the logic will need to handle both. Note that comments may be included even when a lookup is successful, such as if there was a DNSSEC error, but checking was disabled.
When a DNS lookup is run, some resolvers (such as 1.1.1.1) return comments with additional information, such as warning about DNSSEC failures. We should expose these comments to the end user in the embed generated by the dig command.
Note that
Comment
may be a string, or an array of strings, so the logic will need to handle both. Note that comments may be included even when a lookup is successful, such as if there was a DNSSEC error, but checking was disabled.