check_dnssec
Verify DNSSEC status to prevent cache poisoning and DNS spoofing. Checks DNSKEY and DS records for validation.
Instructions
Check DNSSEC status for a domain. Verifies whether DNS is tamper-proof and protected against cache poisoning and DNS spoofing attacks by validating DNSKEY and DS records. Reports whether DNSSEC is enabled and validating. Part of the scan_domain audit.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Domain to check (e.g., example.com) | |
| format | No | Output verbosity. Auto-detected if omitted. | |
| force_refresh | No | Bypass cache and run a fresh check. Useful after DNS changes. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| score | Yes | ||
| passed | Yes | ||
| category | Yes | ||
| findings | Yes |