nanog mailing list archives
Re: ipp.gov and Google DNS (8.8.8.8)
From: Casey Deccio <casey () deccio net>
Date: Thu, 30 May 2013 09:03:37 -0700
On Thu, May 30, 2013 at 8:17 AM, Stephane Bortzmeyer <bortzmeyer () nic fr> wrote:
On Thu, May 30, 2013 at 09:04:44AM -0600, Josh Galvez <josh () zevlag com> wrote a message of 135 lines which said:DNSSEC seems to be validating properly.Since Google Public DNS returns SERVFAIL even with the +cd option (Checking Disabled), I suspect that it is not a DNSSEC issue at all.
That's not my experience: $ dig +cd @8.8.8.8 ipp.gov | grep status: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16884 $ dig @8.8.8.8 ipp.gov | grep status: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57555 The resolvers seem to be choking on the DNSKEY (with or without CD): $ dig +cd @8.8.8.8 ipp.gov dnskey | grep status: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19590 Casey
Current thread:
- ipp.gov and Google DNS (8.8.8.8) Josh Galvez (May 30)
- Re: ipp.gov and Google DNS (8.8.8.8) Stephane Bortzmeyer (May 30)
- Re: ipp.gov and Google DNS (8.8.8.8) Casey Deccio (May 30)
- Re: ipp.gov and Google DNS (8.8.8.8) Yunhong Gu (May 30)
- Re: ipp.gov and Google DNS (8.8.8.8) Casey Deccio (May 30)
- Re: ipp.gov and Google DNS (8.8.8.8) Yunhong Gu (May 30)
- Re: ipp.gov and Google DNS (8.8.8.8) Dale W. Carder (May 31)
- Re: ipp.gov and Google DNS (8.8.8.8) Casey Deccio (May 30)
- Re: ipp.gov and Google DNS (8.8.8.8) Stephane Bortzmeyer (May 30)