We are pleased to announce that Google Public DNS now supports authentication of DNS data using
Ed25519 keys and signatures (as specified in
RFC 8080).
Try it out for yourself by running the following:
You should see AD (Authenticated Data) bit set in the response flags:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12655
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
If your current DNS resolver is Google Public DNS, you can also verify this by going to the automated DNSSEC test at
https://rootcanary.org/test.html and waiting for the ED25519 column to turn green:
Happy Secure Browsing,
Google Public DNS Team