Discussion topic: Adding DNSSEC support to Sky DNS servers

This message was authored by: hgwv

I think it would be good if Sky added DNSSEC support to their DNS servers. DNSSEC is a technology that verifies DNS records have not been modified fraudulently by checking their authenticity.

Granted, users can configure their devices to use third-party public DNS servers, since they all support DNSSEC, but it would be nice to see first-party support as well.

The DNS query below should fail on a DNSSEC-aware DNS server due to an intentionally broken signature.

> Resolve-DnsName sigfail.ippacket.stream -server 8.8.8.8
Resolve-DnsName : sigfail.ippacket.stream : DNS server failure
At line:1 char:1
+ Resolve-DnsName sigfail.ippacket.stream -server 8.8.8.8
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (sigfail.ippacket.stream:String) [Resolve-DnsName], Win32Exception
    + FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName


> Resolve-DnsName sigfail.ippacket.stream -server 90.207.238.97

Name                           Type   TTL   Section    NameHost
----                           ----   ---   -------    --------
sigfail.ippacket.stream        CNAME  60    Answer     sigfail.rsa2048-sha256.ippacket.stream

Name       : sigfail.rsa2048-sha256.ippacket.stream
QueryType  : AAAA
TTL        : 60
Section    : Answer
IP6Address : 2a01:4f8:13b:2048::113


Name       : sigfail.rsa2048-sha256.ippacket.stream
QueryType  : A
TTL        : 60
Section    : Answer
IP4Address : 195.201.14.36
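The check in the post above at the wire level, as an added example that is not part of the original post: the RCODE_SERVER_FAILURE that Resolve-DnsName reports is RCODE 2 in the DNS reply header, and this Python code builds the query and classifies a resolver's reply for the broken-signature name. The function names, verdict strings and sample header bytes are constructed for illustration.

```python
import socket
import struct

SERVFAIL = 2  # RCODE a validating resolver returns for a bogus signature

def build_query(name, qtype=1, txid=0x1234):
    """Build an A query with RD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, type 41, UDP size 1232, ext-rcode 0, version 0,
    # flags 0x8000 (DO), empty RDATA
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + question + opt

def classify(response, txid=0x1234):
    """Interpret a reply to a query for a name with a deliberately broken signature."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qdcount, ancount = struct.unpack("!HHHH", response[:8])
    if rid != txid or not flags & 0x8000:   # wrong ID or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == SERVFAIL:
        return "rejects-bogus"    # consistent with DNSSEC validation
    if rcode == 0 and ancount > 0:
        return "accepts-bogus"    # broken signature passed on to the client
    return "inconclusive"

def probe(server, name="sigfail.ippacket.stream", timeout=3.0):
    """Send the query to one resolver over UDP and classify its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        return classify(sock.recvfrom(4096)[0])

# Constructed 12-byte reply headers (not captured traffic):
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)
SAMPLE_ANSWER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 1)

if __name__ == "__main__":
    print(classify(SAMPLE_SERVFAIL), classify(SAMPLE_ANSWER))
```

SERVFAIL can also come from an unrelated upstream failure, so a single "rejects-bogus" result is best confirmed by repeating the probe.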