dig dnssec-failed.org a +noall +dnssec +comments
If following received include:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL
The resolver is performing DNSSEC validation. (The status "SERVFAIL" means that the verification failed, but the verification itself is actually done.)
If following received include:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR
The resolver is not performing DNSSEC validation.
dig +bufsize=4096 +short rs.dns-oarc.net txt
e.g.
% kubectl get pod -o json | jq '.items[].metadata.name' | xargs -I% kubectl exec % /usr/bin/dig dnssec-failed.org a +noall +dnssec +comments
e.g.
ansible -i ./gce.pl all -m shell -a "dig dnssec-failed.org a +noall +dnssec +comments"
- If the consul-exec command is valid. e.g.
counsul exec "dig dnssec-failed.org a +noall +dnssec +comments"