Verify DNSSEC being used by Safari when visiting a web site

macos security dns safari

Is there some way to verify that DNSSEC was used by Safari when visiting a web site?

I'm most interested in Safari for Mac OS X. But if there is a way in iOS, that would be important as well.


DNSSEC is an extension of the DNS infrastructure. Usually a browser is not involved in domain name resolution. So there is no way for Safari to detect DNSSEC directly.

There is an Safari DNSSEC extension though which allows you to check the existence and validity of DNS Security Extensions (DNSSEC) records and Transport Layer Security Association (TLSA) records related to domain names. You can download it for several browsers here: DNSSEC/TLSA Validator

Direct link of the Safari extension:

  • dnssec-tlsa-plugin-2.2.0

(this is a shell script which has to be executed in Terminal.app)

Related

Boot Camp Assistant: "This Mac does not support Boot Camp"
Does FileVault 2 also encrypt my free disk space?
Uninstall default PHP on El Capitan
Mac office, outlook keep calendar invite in e-mail box
Delete last word using Command + Backspace
Mapping the same Json key in different variables in the same object
PostgreSQL aggregate over json arrays
Why doesn't `width:100%; height:100%; object-fit: contain;` make a <video> fit its container?
Exe not working properly outside of visual studio?
Are temporary tables in a global MySQL PDO connection within PHP shared? [duplicate]
"git submodule foreach" does not work on Windows
How to remove foreign escaped quotes from string? Python