GTM DNSSEC and dig
In my quest to work with dotgov to get DNSSEC enabled on the GTM (it shouldn't be this hard), the latest thing they are saying is that dig is not returning the DNSKEY records. The command they are using to check is dig @nameserver mydomain.gov ANY +dnssec +multiline, which I tested, and it in fact does not return the DNSKEY records. However, dig -t DNSKEY does. They are insisting that's why our domain won't validate.
I did some testing, and it's true that dig with a query type of ANY does not return the DNSKEY records on the GTM with DNSSEC, but it does if I test against a bind9 server running DNSSEC.
Anyone else ever come across this? I find it odd that the F5 doesn't return DNSKEY records for an ANY type query, and it does seem like a bug to me.