Private/Security/Get-DNSSECDetails.ps1

function Get-DNSSECDetails {
    [CmdletBinding()]
    param (
        [Parameter()]
        $DomainName
    )
    $ResolveSplat = @{
        Name          = $DomainName
        Type          = 'DNSKEY'
        ErrorAction   = 'SilentlyContinue'
        WarningAction = 'SilentlyContinue'
        Server        = '8.8.8.8'
    }
    $dnskey_dnsrecord = Resolve-DnsName @ResolveSplat | Where-Object { $_.Type -eq 'DNSKEY' }
    $dnskey_exists = (($dnskey_dnsrecord | Measure-Object | Select-Object -ExpandProperty Count) -gt 0)

    # If we don't detect an MTA-STS DNS record, return
    if ($dnskey_dnsrecord -eq $null) {
        Write-Verbose "Couldn't locate a DNSKEY record for domain: $DomainName"
        $dnskey_dnsrecord = "N/A"
    }

    [PSCustomObject]@{
        'DNSKeyExists' = $dnskey_exists
        'DNSKEYRecord' = $dnskey_dnsrecord
    }
}