domainaware / checkdmarc

A parser for SPF and DMARC DNS records
https://domainaware.github.io/checkdmarc
Apache License 2.0

DNSSEC not detected #66

Closed nukeador closed 1 year ago

nukeador commented 3 years ago

This domain returns false

$ checkdmarc cjcanarias.es | grep dnssec
  "dnssec": false,

But this returns true

https://dnssec-analyzer.verisignlabs.com/cjcanarias.es

Kagee commented 3 years ago

Works for me with nameservers=1.0.0.1. Try to use specific nameservers (i.e. --nameserver=1.0.0.1) as i.e. systemd-resolved will not return the RRSIG records that checkdmarc uses as a check for DNSSEC.
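
The check described in the comment above, as an added example that is not part of the thread and not checkdmarc's own code: a stdlib-only parser that looks for an RRSIG in the answer section of a raw DNS response. It runs on two constructed responses for the hypothetical name example.test, one carrying the RRSIG and one with it dropped, which is how a signed zone ends up reported as "dnssec": false.

```python
import struct

RRSIG = 46  # RR type number for RRSIG (RFC 4034)
TXT = 16

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length

def has_rrsig(msg):
    """True if the answer section of a raw DNS response carries an RRSIG."""
    _id, _flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    off = 12  # fixed header size
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == RRSIG:
            return True
        off += 10 + rdlen
    return False

def _name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\x00"

def _response(records):
    """Constructed TXT response for example.test; records = [(type, rdata)]."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(records), 0, 0)
    question = _name("example.test") + struct.pack("!HH", TXT, 1)
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 300, len(rd)) + rd
                       for t, rd in records)
    return header + question + answers

# Constructed sample data: the signature bytes are zero padding, not a real signature.
_txt = (TXT, b"\x0bv=spf1 -all")
_sig = (RRSIG, struct.pack("!HBBIIIH", TXT, 13, 2, 300, 0, 0, 0)
        + _name("example.test") + b"\x00" * 64)
SIGNED = _response([_txt, _sig])   # what a resolver that passes RRSIGs returns
STRIPPED = _response([_txt])       # same answer with the RRSIG dropped

if __name__ == "__main__":
    print("signed:", has_rrsig(SIGNED), "stripped:", has_rrsig(STRIPPED))
```

The presence test only shows that signatures reached the client; it does not validate them.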

nukeador commented 3 years ago

Interesting, we tested it locally and also from github-actions. Adding that flag seems to return accurate results. Maybe it should use that by default?

seanthegeek commented 1 year ago

Previous versions of checkdmarc used 1.1.1.1 and 1.0.0.1 as the default nameservers, but this caused issues when the network blocked queries to external nameservers, which is the case for many enterprise networks.