better check for dnssec-verifying resolver

check the authentic data bit for the NS records of "com.", not for ".": some dnssec-verifying resolvers return unauthentic data for ".". for issue #139 by triatic, thanks!
2025-07-12 21:34:38 +03:00 · 2024-03-07 10:34:13 +01:00
parent 9e7d6b85b7
commit 4db1f5593c
2 changed files with 4 additions and 2 deletions
--- a/quickstart.go
+++ b/quickstart.go
@ -162,8 +162,9 @@ logging in with IMAP.
 	resolveCtx, resolveCancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer resolveCancel()

+	// Some DNSSEC-verifying resolvers return unauthentic data for ".", so we check "com".
 	fmt.Printf("Checking if DNS resolvers are DNSSEC-verifying...")
-	_, resolverDNSSECResult, err := resolver.LookupNS(resolveCtx, ".")
+	_, resolverDNSSECResult, err := resolver.LookupNS(resolveCtx, "com.")
 	if err != nil {
 		fmt.Println("")
 		fatalf("checking dnssec support in resolver: %v", err)