[dns-operations] google DNS doing validation?

Robert Edmonds edmonds at isc.org
Mon Jan 28 16:56:34 UTC 2013


Joe Abley wrote:
> Hi all,
> 
> I haven't seen anybody else mention this out loud, but since early last week (doing a DNSSEC workshop with NSRC at NZNOG 2013) we saw 8.8.8.8 giving secure answers when queried with EDNS0/DO=1.
> 
> The responding node of 8.8.8.8 we saw in Wellington was in Sydney, I think (routing out through REANZ) but I see the same thing from my desk at home so perhaps this is a widespread change.
> 
> 8.8.8.8 doesn't seem to support NSID, ID.SERVER/CH/TXT or HOSTNAME.BIND/CH/TXT but I included a traceroute in case anybody is interested.
> 
> The FAQ still says that responses are not validated, but perhaps there is a documentation gap. <https://developers.google.com/speed/public-dns/faq#dnssec>

can 8.8.8.8 be used behind a validating forwarder now?  the last time i
tried that it didn't work (i think there was some difficulty with
locating DS records), but that was a while ago.

-- 
Robert Edmonds
edmonds at isc.org



More information about the dns-operations mailing list