Test Your Resolver
Here you can test your resolver for downgrade vulnerabilities. Analysis covers whether your resolver validates DNSSEC at all, which ciphers it supports, and whether it is susceptible to a number of DNSSEC downgrade attacks. Cipher support tests take a selection of eight algorithms into consideration, covering all that have not yet been deprectated, including those which are most commonly used to protect domains on the Internet. Depending on the capabilities and configuration of your resolver, investigations take from a few seconds up to a minute.