From 7f0295a4158da056b80cc20f8089970ecb87b5b5 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Thu, 22 Jul 2021 14:11:50 +0530
Subject: [PATCH] Added DNSSEC Detection
---
dns/dnssec-detection.yaml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 dns/dnssec-detection.yaml
diff --git a/dns/dnssec-detection.yaml b/dns/dnssec-detection.yaml
new file mode 100644
index 0000000000..7c64193c85
--- /dev/null
+++ b/dns/dnssec-detection.yaml
@@ -0,0 +1,22 @@
+id: dnssec-detection
+
+info:
+ name: DNSSEC Detection
+ description: A template to check if Delegation of Signing (DS) record provides information about a signed zone file when DNSSEC enabled.
+ author: pdteam
+ severity: info
+ tags: dns,dnssec
+ reference: https://www.cyberciti.biz/faq/unix-linux-test-and-validate-dnssec-using-dig-command-line/
+
+dns:
+ - name: "{{FQDN}}"
+ type: DS
+ class: inet
+ recursion: true
+ retries: 3
+
+ extractors:
+ - type: regex
+ group: 1
+ regex:
+ - "IN\tDS\t(.+)"
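Review bot: The `description` overstates what the `type: DS` query for `{{FQDN}}` can show, and it names the record "Delegation of Signing" where the record type is "Delegation Signer". A DS record is published at the parent side of a delegation, so a host name inside a signed zone returns no DS and the extractor stays silent. An empty result is therefore not evidence that DNSSEC is off. A hit only shows that a signed delegation is published, because the template has no matcher and checks no signature, so it does not show that the chain validates. I would reword the line to `description: Extracts the Delegation Signer (DS) record published for the queried zone name. A DS record indicates a signed delegation; no result does not prove the zone is unsigned, and the chain of trust is not validated.` so that anyone using the output as a DNSSEC coverage inventory reads it correctly.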