I'm using the dnsviz debugger to verify the key tags , and to ensure that we are secured from the root down to the subdomain of hyperfeed dot net.
( http://dnsviz.net/d/hyperfeed.net/dnssec/ )
By using dig we can validate the key tags , which should match the above graphical representations.
dig +multiline +dnssec hyperfeed.net @pdns03.domaincontrol.com dnskey
( output shorten )
Remember DNSSEC on validates the authenticity of the response if a dnssec query is submitted. It provides no encryption ( review my earlier blog on dnscurve )
So by querying a resource-record we can validate the response by the "ad " flags;
So dnssec can be enabled with ease and validated very simple.
Freelance Network / Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com
=( @ @ )=