Open yhaenggi opened 7 years ago
Maybe we can use dnsruby for this. I'll see what I can do.
I added the -z
option in https://github.com/konsolebox/scripts/commit/e8faf34069405731ff2116dad1612ae84a67c8da. It allows only using services that are labelled to support DNSSEC.
I think it would take a while before I decide to add the feature that validates DNSSEC since it complicates the code and adds heavy dependencies. I also noticed that there are only very few domains that support DNSSEC.
2 Feature Requests:
Validate the DNSSEC entries of the domains specified by --resolver-check. Also an option to only use dnssec aware servers.