[dns-operations] google DNS doing validation?

Hauke Lampe lampe at hauke-lampe.de
Mon Jan 28 17:14:45 UTC 2013

On 28.01.2013 17:35, Joe Abley wrote:

> I haven't seen anybody else mention this out loud, but since early last week (doing a DNSSEC workshop with NSRC at NZNOG 2013) we saw giving secure answers when queried with EDNS0/DO=1.

It appears they're validating _only_ when queried with DO=1:

dig badsig.dnstest.hauke-lampe.de @ -> status: NOERROR
dig +dnssec badsig.dnstest.hauke-lampe.de @ -> status: SERVFAIL

Still no alternative to a local validating resolver but a big step in 
the right direction, I think.


More information about the dns-operations mailing list