Re: ipp.gov and Google DNS (8.8.8.8)

[Yunhong Gu <guu () google com>]

Google resolvers got no response (i.e. timeout) for ipp.gov/dnskey from
its authoritative name servers. If there is anyone on this list who manages
ipp.gov DNS servers, please take a look. Our resolver IPs can be found at
https://developers.google.com/speed/public-dns/faq#locations.


Thanks
Yunhong (Google Public DNS)


On Thu, May 30, 2013 at 12:03 PM, Casey Deccio <casey () deccio net> wrote:

> On Thu, May 30, 2013 at 8:17 AM, Stephane Bortzmeyer <bortzmeyer () nic fr>
> wrote:
> > On Thu, May 30, 2013 at 09:04:44AM -0600,
> >  Josh Galvez <josh () zevlag com> wrote
> >  a message of 135 lines which said:
> >
> > > DNSSEC seems to be validating properly.
> >
> > Since Google Public DNS returns SERVFAIL even with the +cd option
> > (Checking Disabled), I suspect that it is not a DNSSEC issue at all.
>
> That's not my experience:
>
> $ dig +cd @8.8.8.8 ipp.gov | grep status:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16884
> $ dig @8.8.8.8 ipp.gov | grep status:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57555
>
> The resolvers seem to be choking on the DNSKEY (with or without CD):
>
> $ dig +cd @8.8.8.8 ipp.gov dnskey | grep status:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19590
>
> Casey