HACKER Q&A
📣 niksmac

What if your DNS provider is a honeypot?


I started using nextdns.io recently and I'm pretty happy with it, until I had this thought: what if they are a honeypot? How can we validate it, for any DNS provider?


  👤 LinuxBender Accepted Answer ✓
If you mean they give a different answer specifically for you, then you would have to mirror your requests to multiple providers and the root servers to see who is not telling the truth. Perhaps build a web UI like this [1] or write a script to select some of your commonly requested names and query all the servers. At times you can expect answers to differ, as people change DNS and TTL will expire from caches at different times. Some sites may give a different IP based on the source location of your DNS client if they are doing GSLB and not using Anycast.

In a script you might use the "dig" command with options like this so you can see when the TTL is about to expire.

    dig @some_server +noall +answer some.domain

[1] - https://www.whatsmydns.net/#NS/ycombinator.com
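One way to script the comparison described above, as an added example that is not from the thread: it parses captured `dig +noall +answer` output from several resolvers and reports which resolver disagrees with the majority, ignoring TTLs since those legitimately differ between caches. The answer lines are constructed sample data, and `10.0.0.53` stands for a hypothetical local resolver.

```python
from collections import Counter

# Constructed sample output of `dig @<resolver> +noall +answer example.com`,
# one entry per resolver. Addresses are RFC 5737 documentation ranges.
# The hypothetical local resolver 10.0.0.53 hands back an address nobody else does.
SAMPLE = {
    "1.1.1.1":   "example.com.\t300\tIN\tA\t192.0.2.10\n",
    "9.9.9.9":   "example.com.\t117\tIN\tA\t192.0.2.10\n",
    "8.8.8.8":   "example.com.\t288\tIN\tA\t192.0.2.10\n",
    "10.0.0.53": "example.com.\t300\tIN\tA\t203.0.113.9\n",
}

def parse_answer(text):
    """Parse `dig +noall +answer` lines into (name, ttl, class, type, rdata)."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # skip blanks and dig comments
            continue
        parts = line.split()
        if len(parts) < 5:
            continue
        name, ttl, rclass, rtype = parts[:4]
        records.append((name, int(ttl), rclass, rtype, " ".join(parts[4:])))
    return records

def answer_set(text, rtype="A"):
    """Set of rdata values for one record type. TTLs are dropped on purpose:
    caches expire at different times, so TTL differences are expected."""
    return frozenset(r[4] for r in parse_answer(text) if r[3] == rtype)

def compare_resolvers(answers, rtype="A"):
    """answers maps resolver -> raw dig output. Returns the majority answer set
    and every resolver whose set differs from it. A difference is a prompt to
    look closer, not proof of tampering: sites doing GSLB legitimately hand
    different addresses to clients in different locations."""
    sets = {res: answer_set(out, rtype) for res, out in answers.items()}
    consensus, _ = Counter(sets.values()).most_common(1)[0]
    disagreeing = {res: s for res, s in sets.items() if s != consensus}
    return consensus, disagreeing

if __name__ == "__main__":
    consensus, odd = compare_resolvers(SAMPLE)
    print("consensus:", sorted(consensus))
    for res, s in odd.items():
        print(f"{res} disagrees: {sorted(s)}")
```

Replace `SAMPLE` with the real output of `dig @<resolver> +noall +answer <name>` for each resolver you want to cross-check, and re-run over time so a one-off cache difference is not mistaken for a persistent one.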

👤 diablo1
Sending all your requests to a single DNS point is bad security. Best to just 'spread' your DNS out, so use a mix of Quad9, Google, OpenDNS, Cloudflare 1.1.1.1, etc.

I live by the motto: Don't put all your eggs in one basket


👤 viraptor
What do you mean by a honeypot? Do you mean if they're running a scam, or actually a honeypot and you're running a scam that could be found?

👤 elliottinvent
I think you have to trust your DNS resolver or choose a new one. You can compare the results of different resolvers but I'm not aware of any solutions out of the box. For example:

    dig example.com A

compare against

    dig example.com A @dns.google.com

etc.