The manual way would be to run a "dig" command to query the domain you want to check but the DNS server you query has to support DNSSEC.
Plan B was using an API provided by SIDN Labs. You can leverage their API by running a "curl" command as seen below. Any status other than "secure" is bad.
This method is tedious if you want to check multiple domains. Alternatively, you can populate a CSV file with the domains you want to check and upload them to SIDN Labs using this form. I replicated the form below.