better check for dnssec-verifying resolver

check the authentic data bit for the NS records of "com.", not for ".": some
dnssec-verifying resolvers return unauthentic data for ".".

for issue #139 by triatic, thanks!

quickstart.go

@@ -162,8 +162,9 @@ logging in with IMAP.
 	resolveCtx, resolveCancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer resolveCancel()
 
+	// Some DNSSEC-verifying resolvers return unauthentic data for ".", so we check "com".
 	fmt.Printf("Checking if DNS resolvers are DNSSEC-verifying...")
-	_, resolverDNSSECResult, err := resolver.LookupNS(resolveCtx, ".")
+	_, resolverDNSSECResult, err := resolver.LookupNS(resolveCtx, "com.")
 	if err != nil {
 		fmt.Println("")
 		fatalf("checking dnssec support in resolver: %v", err)

webadmin/admin.go

@@ -529,7 +529,8 @@ func checkDomain(ctx context.Context, resolver dns.Resolver, dialer *net.Dialer,
 		defer logPanic(ctx)
 		defer wg.Done()
 
-		_, result, err := resolver.LookupNS(ctx, ".")
+		// Some DNSSEC-verifying resolvers return unauthentic data for ".", so we check "com".
+		_, result, err := resolver.LookupNS(ctx, "com.")
 		if err != nil {
 			addf(&r.DNSSEC.Errors, "Looking up NS for DNS root (.) to check support in resolver for DNSSEC-verification: %s", err)
 		} else if !result.Authentic {