ipp.gov and Google DNS (8.8.8.8)
- Subject: ipp.gov and Google DNS (8.8.8.8)
- From: casey at deccio.net (Casey Deccio)
- Date: Thu, 30 May 2013 09:03:37 -0700
- In-reply-to: <[email protected]>
- References: <CALC9k1oR-izbyKJRcM0DsQ4UntPCM=FGr_mggBQKbWwhmPFDWQ@mail.gmail.com> <[email protected]>
On Thu, May 30, 2013 at 8:17 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Thu, May 30, 2013 at 09:04:44AM -0600,
> Josh Galvez <josh at zevlag.com> wrote
> a message of 135 lines which said:
>
>> DNSSEC seems to be validating properly.
>
> Since Google Public DNS returns SERVFAIL even with the +cd option
> (Checking Disabled), I suspect that it is not a DNSSEC issue at all.
>
That's not my experience:

$ dig +cd @8.8.8.8 ipp.gov | grep status:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16884
$ dig @8.8.8.8 ipp.gov | grep status:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57555

The resolvers seem to be choking on the DNSKEY (with or without CD):

$ dig +cd @8.8.8.8 ipp.gov dnskey | grep status:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19590

Casey
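
The comparison made in the message above, as an added example that is not part of the original post: it parses the quoted dig transcript and classifies each query by its status with and without the CD bit. The function names, the result labels and the short record-type list are assumptions of this sketch.

```python
import re

# dig transcript quoted from the message above.
TRANSCRIPT = """\
$ dig +cd @8.8.8.8 ipp.gov | grep status:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16884
$ dig @8.8.8.8 ipp.gov | grep status:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57555
$ dig +cd @8.8.8.8 ipp.gov dnskey | grep status:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19590
"""

# Record types recognised on the command line (a small set, assumed for this sketch).
RR_TYPES = {"a", "aaaa", "dnskey", "ds", "ns", "soa", "mx", "txt", "rrsig"}


def parse_transcript(text):
    """Map (qname, qtype, cd_set) -> status for each '$ dig ...' command."""
    results, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("$ dig"):
            # Drop the '$', any pipeline after '|', and the 'dig' word itself.
            args = line[1:].split("|")[0].split()[1:]
            words = [a for a in args if not a.startswith(("+", "@", "-"))]
            qtype = next((w.upper() for w in words if w.lower() in RR_TYPES), "A")
            qname = next(w for w in words if w.lower() not in RR_TYPES)
            current = (qname, qtype, "+cd" in args)
        elif current and (m := re.search(r"status: (\w+)", line)):
            results[current] = m.group(1)
            current = None
    return results


def diagnose(results, qname, qtype="A"):
    """Classify one name/type from its status with and without checking disabled."""
    with_cd = results.get((qname, qtype, True))
    without_cd = results.get((qname, qtype, False))
    if with_cd == "SERVFAIL":
        return "failure-with-cd"      # fails even when the client disables checking
    if with_cd == "NOERROR" and without_cd == "SERVFAIL":
        return "validation-failure"   # data is retrievable, rejected only when validated
    if without_cd == "NOERROR":
        return "ok"
    return "inconclusive"


if __name__ == "__main__":
    parsed = parse_transcript(TRANSCRIPT)
    for rrtype in ("A", "DNSKEY"):
        print("ipp.gov", rrtype, diagnose(parsed, "ipp.gov", rrtype))
```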