Google Public DNS 開始支援 DNSSEC 驗證,讓 DNS 查詢更安全:「Google Public DNS Now Supports DNSSEC Validation」。
一般的查詢還是可以查到:
; <<>> DiG 9.8.1-P1 <<>> bogussig.dnssec.tjeb.nl @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40844 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;bogussig.dnssec.tjeb.nl. IN A ;; ANSWER SECTION: bogussig.dnssec.tjeb.nl. 422 IN A 178.18.82.80
加上 DNSSEC 選項後就可以把有問題的抓出來:
; <<>> DiG 9.8.1-P1 <<>> bogussig.dnssec.tjeb.nl @8.8.8.8 +dnssec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61704 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 512 ;; QUESTION SECTION: ;bogussig.dnssec.tjeb.nl. IN A