[dns-operations] google DNS doing validation?
Robert Edmonds
edmonds at isc.org
Mon Jan 28 16:56:34 UTC 2013
Joe Abley wrote:
> Hi all,
>
> I haven't seen anybody else mention this out loud, but since early last week (doing a DNSSEC workshop with NSRC at NZNOG 2013) we saw 8.8.8.8 giving secure answers when queried with EDNS0/DO=1.
>
> The responding node of 8.8.8.8 we saw in Wellington was in Sydney, I think (routing out through REANZ) but I see the same thing from my desk at home so perhaps this is a widespread change.
>
> 8.8.8.8 doesn't seem to support NSID, ID.SERVER/CH/TXT or HOSTNAME.BIND/CH/TXT but I included a traceroute in case anybody is interested.
>
> The FAQ still says that responses are not validated, but perhaps there is a documentation gap. <https://developers.google.com/speed/public-dns/faq#dnssec>
can 8.8.8.8 be used behind a validating forwarder now? the last time i
tried that it didn't work (i think there was some difficulty with
locating DS records), but that was a while ago.
--
Robert Edmonds
edmonds at isc.org
More information about the dns-operations
mailing list