[aigo@daemon ~]$ dig
www.paypal.com +dnssec @
8.8.8.8
; <<>> DiG 9.10.3-P4-RedHat-9.10.3-12.P4.fc23 <<>>
www.paypal.com +dnssec @
8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64379
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;
www.paypal.com. IN A
;; ANSWER SECTION:
www.paypal.com. 270 IN CNAME
www.paypal.com.akadns.net.
www.paypal.com. 270 IN RRSIG CNAME 5 3 300 20160604123809 20160505122959 11811
paypal.com. cws+FK7yIPJs4AVaWPCt3MLc2XbQF0H6IoqPQy48lUlVtc8D99oCCPlA xR3930kV4QQ1jd07BT9MmrvnFQS378sQLo4MdH3xmZkSEmf10rai8Fo5 4ccFUyoDq/pR49Om3TgdmKy17ADgA4x25NTc9QxYDFz+/4jHzgWC6PGS izo=
www.paypal.com.akadns.net. 29 IN CNAME
ppdirect.paypal.com.akadns.net.
ppdirect.paypal.com.akadns.net. 299 IN CNAME
wlb.paypal.com.akadns.net.
wlb.paypal.com.akadns.net. 29 IN CNAME
www.paypal.com.edgekey.net.
www.paypal.com.edgekey.net. 33 IN CNAME
e3694.a.akamaiedge.net.
e3694.a.akamaiedge.net. 19 IN A 23.45.85.150
;; Query time: 201 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue May 10 23:17:19 CST 2016
;; MSG SIZE rcvd: 379
不仅要服务器支持 dnssec ,如 8.8.8.8
还要求域名提供了签名,如
www.paypal.com (一般是对安全性要求比较高的域名)。
如果返回的记录中有 RRSIG 记录,则表示支持 dnssec
建议 google dnssec how to 。