Resolve-DnsName -DNSSECOK output should indicate validation success or failure (AD flag set)
When using "Resolve-DnsName -DNSSECOK" to resolve a DNS name that may be signed with DNSSEC, the output of the command should indicate validation success or failure somehow; for example, the output object could have a new property named "DnsSecValidated" or "AuthenticatedData" set to true/false.
In various documents, Microsoft currently demos testing a DNSSEC response with a third-party tool (dig). It would be better to handle it all natively in PowerShell.
(Here is how the dig tool does it: https://techglimpse.com/dns-dnssec-testing-validating-tools/)
More specifically, a response to a DNS query with the "DNSSEC OK" flag should set another flag named "Authenticated Data" when the DNS server has successfully validated the signature of the response data. This is a bit flag in the response packet returned to the resolving client. The DNSCache service already looks for this flag for the sake of Name Resolution Policy Table (NRPT) rules, so this request is just to bubble up this data to the Resolve-DnsName cmdlet and its output.
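The flag check described in the request above, as an added PowerShell example (not part of the original post and not DnsClient module code). The function names, the `-Server` parameter and the sample header bytes are assumptions made for illustration.

```powershell
function New-DnssecQuery {
    # Build a DNS query carrying an EDNS0 OPT record with the DO ("DNSSEC OK") bit set.
    param([string]$Name, [int]$Type = 1, [int]$Id = 0x1234)
    $b = [System.Collections.Generic.List[byte]]::new()
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT record)
    $b.AddRange([byte[]]@(($Id -shr 8), ($Id -band 0xFF), 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 1))
    foreach ($label in $Name.TrimEnd('.').Split('.')) {
        $bytes = [Text.Encoding]::ASCII.GetBytes($label)
        $b.Add([byte]$bytes.Length); $b.AddRange($bytes)
    }
    $b.Add(0)                                                         # root label ends QNAME
    $b.AddRange([byte[]]@(($Type -shr 8), ($Type -band 0xFF), 0, 1))  # QTYPE, QCLASS=IN
    # OPT RR: root name, TYPE=41, CLASS=UDP size 4096, TTL=rcode 0/version 0/flags 0x8000 (DO), RDLEN=0
    $b.AddRange([byte[]]@(0, 0, 41, 0x10, 0x00, 0, 0, 0x80, 0x00, 0, 0))
    return ,$b.ToArray()
}

function Get-DnsHeaderFlags {
    # Decode the 16-bit flags field (bytes 2-3) of a DNS message header.
    param([byte[]]$Message)
    if ($Message.Length -lt 12) { throw 'DNS message shorter than the 12-byte header' }
    $flags = ([int]$Message[2] -shl 8) -bor $Message[3]
    [pscustomobject]@{
        IsResponse        = [bool]($flags -band 0x8000)   # QR
        Truncated         = [bool]($flags -band 0x0200)   # TC
        AuthenticatedData = [bool]($flags -band 0x0020)   # AD: resolver validated the data
        CheckingDisabled  = [bool]($flags -band 0x0010)   # CD
        ResponseCode      = $flags -band 0x000F
    }
}

function Test-DnssecValidated {
    # Send the query over UDP and report the AD bit. -Server is supplied by the caller (assumption).
    param([string]$Name, [string]$Server)
    $udp = [System.Net.Sockets.UdpClient]::new()
    try {
        $udp.Client.ReceiveTimeout = 3000
        $q = New-DnssecQuery -Name $Name
        [void]$udp.Send($q, $q.Length, $Server, 53)
        $ep = [System.Net.IPEndPoint]::new([System.Net.IPAddress]::Any, 0)
        (Get-DnsHeaderFlags -Message $udp.Receive([ref]$ep)).AuthenticatedData
    } finally { $udp.Close() }
}

# Constructed 12-byte response headers (not captured traffic): flags 0x81A0 has AD set, 0x8180 does not.
$validated   = [byte[]]@(0x12, 0x34, 0x81, 0xA0, 0, 1, 0, 1, 0, 0, 0, 1)
$unvalidated = [byte[]]@(0x12, 0x34, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 1)
(Get-DnsHeaderFlags $validated).AuthenticatedData
(Get-DnsHeaderFlags $unvalidated).AuthenticatedData
```

The AD bit reports validation performed by the resolver, so it is only meaningful when that resolver and the network path to it are trusted.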
Thanks for the report! Unfortunately, this UserVoice is for core modules included with PowerShell itself, while the DnsClient module belongs to the Windows 10 team. The best way to reach them is to file feedback using the Windows Feedback Hub in Windows 10 to drive this request.