[dns-operations] google DNS doing validation?
Hauke Lampe
lampe at hauke-lampe.de
Mon Jan 28 17:14:45 UTC 2013
On 28.01.2013 17:35, Joe Abley wrote:
> I haven't seen anybody else mention this out loud, but since early last week (doing a DNSSEC workshop with NSRC at NZNOG 2013) we saw 8.8.8.8 giving secure answers when queried with EDNS0/DO=1.
It appears they're validating _only_ when queried with DO=1:
dig badsig.dnstest.hauke-lampe.de @8.8.8.8 -> status: NOERROR
dig +dnssec badsig.dnstest.hauke-lampe.de @8.8.8.8 -> status: SERVFAIL
Still no alternative to a local validating resolver but a big step in
the right direction, I think.
Hauke.
More information about the dns-operations
mailing list