[dns-operations] google DNS doing validation?
regnauld at nsrc.org
Mon Jan 28 17:25:46 UTC 2013
Stephan Lagerholm (stephan.lagerholm) writes:
> Not sure about that.
> I get the AD bit back but oddly enough, the Swedish deliberately broken site trasigdnssec.se does not servfail on the 188.8.131.52/184.108.40.206 but it does on the google dns v6 address:
I've observed this as well: records with valid signatures get
validated and I see the AD bit, but broken ones (different
zone) aren't validated and returned as is.
Some sort of balancing or hashing based on the types of queries (or
plain round robin) ?
What if one tests with secure and bogus RRsets within the same zone ?
More information about the dns-operations