Verify DNSSEC being used by Safari when visiting a web site
Is there some way to verify that DNSSEC was used by Safari when visiting a web site?
I'm most interested in Safari for Mac OS X. But if there is a way in iOS, that would be important as well.
DNSSEC is an extension of the DNS infrastructure. Usually a browser is not involved in domain name resolution. So there is no way for Safari to detect DNSSEC directly.
There is an Safari DNSSEC extension though which allows you to check the existence and validity of DNS Security Extensions (DNSSEC) records and Transport Layer Security Association (TLSA) records related to domain names. You can download it for several browsers here: DNSSEC/TLSA Validator
Direct link of the Safari extension:
- dnssec-tlsa-plugin-2.2.0
(this is a shell script which has to be executed in Terminal.app)