[dns-operations] google DNS doing validation?

Robert Edmonds edmonds at isc.org
Mon Jan 28 16:56:34 UTC 2013

Joe Abley wrote:
> Hi all,
> I haven't seen anybody else mention this out loud, but since early last week (doing a DNSSEC workshop with NSRC at NZNOG 2013) we saw giving secure answers when queried with EDNS0/DO=1.
> The responding node of we saw in Wellington was in Sydney, I think (routing out through REANZ) but I see the same thing from my desk at home so perhaps this is a widespread change.
> doesn't seem to support NSID, ID.SERVER/CH/TXT or HOSTNAME.BIND/CH/TXT but I included a traceroute in case anybody is interested.
> The FAQ still says that responses are not validated, but perhaps there is a documentation gap. <https://developers.google.com/speed/public-dns/faq#dnssec>

can be used behind a validating forwarder now?  the last time i
tried that it didn't work (i think there was some difficulty with
locating DS records), but that was a while ago.

Robert Edmonds
edmonds at isc.org

More information about the dns-operations mailing list