Verify the authenticity of DNS records with DNSSEC resolver delv
DNSSEC
DNS Security Extensions (DNSSEC) is a security protocol created to mitigate this problem. DNSSEC protects against attacks by digitally signing data to help ensure its validity. In order to ensure a secure lookup, the signing must happen at every level in the DNS lookup process.
- DNSKEY record - The DNS Key Record contains a public key used to verify Domain Name System Security Extensions (DNSSEC) signatures.
How to verify
Usage
delv @dns-server-name domain-name-here
Example
delv @1.1.1.1 google.com
delv @8.8.8.8 cloudflare.com
Validated answer
; fully validated
cloudflare.com. 300 IN A 104.16.132.229
cloudflare.com. 300 IN A 104.16.133.229
cloudflare.com. 300 IN RRSIG A 13 2 300 20230504045136 20230502025136 34505 cloudflare.com. oh/bCApFIy3DKwHGJFGJnTPQ2UDjKx2Ei3tJAeVDax+WMh1pj6LArIc0 CPyezZDsEy2cyh39saUykyzw5/MLOA==
Unsigned answer
; unsigned answer
google.com. 300 IN A 142.251.10.100
google.com. 300 IN A 142.251.10.101
google.com. 300 IN A 142.251.10.102
google.com. 300 IN A 142.251.10.113
google.com. 300 IN A 142.251.10.138
google.com. 300 IN A 142.251.10.139
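Scripted check
As an added example (not part of the original page), the shell functions below read delv output, report which status comment delv printed, and decode the RRSIG fields (covered type, algorithm, key tag, signer, validity window). The function names and the VALIDATED/UNSIGNED/UNKNOWN labels are assumptions of this example; the sample data is the output shown above.

```shell
#!/bin/sh
# Added example: interpret delv output offline. Function names and the
# VALIDATED/UNSIGNED/UNKNOWN labels are this example's own, not delv's.

# Print the validation status taken from delv's leading status comment.
# Anything that is not one of the two statuses shown on the page is UNKNOWN
# and should be treated as not validated.
delv_status() {
    awk '/^; fully validated/ { s = "VALIDATED" }
         /^; unsigned answer/ { s = "UNSIGNED" }
         END { print (s == "" ? "UNKNOWN" : s) }'
}

# Decode each RRSIG line (RFC 4034 field order) and compare its validity
# window with $1, a UTC timestamp in the same YYYYMMDDHHMMSS form.
rrsig_summary() {
    awk -v now="$1" '$4 == "RRSIG" {
        state = "in-window"                      # $9 expiration, $10 inception
        if (now < $10) state = "not-yet-valid"
        if (now > $9)  state = "expired"
        printf "%s covered=%s alg=%s keytag=%s signer=%s %s\n",
               $1, $5, $6, $11, $12, state }'
}

# Sample inputs: the two delv outputs shown on this page (unsigned one shortened).
sample_validated() {
cat <<'EOF'
; fully validated
cloudflare.com. 300 IN A 104.16.132.229
cloudflare.com. 300 IN A 104.16.133.229
cloudflare.com. 300 IN RRSIG A 13 2 300 20230504045136 20230502025136 34505 cloudflare.com. oh/bCApFIy3DKwHGJFGJnTPQ2UDjKx2Ei3tJAeVDax+WMh1pj6LArIc0 CPyezZDsEy2cyh39saUykyzw5/MLOA==
EOF
}
sample_unsigned() {
    printf '%s\n' '; unsigned answer' 'google.com. 300 IN A 142.251.10.100'
}

# Live check: resolver in $1, name in $2 (requires delv and network access).
check_domain() {
    out=$(delv "@$1" "$2" 2>&1) || true
    printf '%s: %s\n' "$2" "$(printf '%s\n' "$out" | delv_status)"
    printf '%s\n' "$out" | rrsig_summary "$(date -u +%Y%m%d%H%M%S)"
}

if [ "$#" -eq 2 ]; then check_domain "$1" "$2"; fi
```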