Google Public DNS 開始支援 DNSSEC 驗證,讓 DNS 查詢更安全:「Google Public DNS Now Supports DNSSEC Validation」。
一般的查詢還是可以查到:
; <<>> DiG 9.8.1-P1 <<>> bogussig.dnssec.tjeb.nl @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40844
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bogussig.dnssec.tjeb.nl. IN A
;; ANSWER SECTION:
bogussig.dnssec.tjeb.nl. 422 IN A 178.18.82.80
加上 DNSSEC 選項後就可以把有問題的抓出來:
; <<>> DiG 9.8.1-P1 <<>> bogussig.dnssec.tjeb.nl @8.8.8.8 +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61704
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;bogussig.dnssec.tjeb.nl. IN A