[dns-operations] google DNS doing validation?
Casey Deccio
casey at deccio.net
Thu Jul 26 15:14:49 UTC 2018
> On Jul 26, 2018, at 9:02 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
> On Thu, Jul 26, 2018 at 09:02:44AM -0500,
> frnkblk at iname.com <frnkblk at iname.com> wrote
> a message of 95 lines which said:
>
>> FYI, servfail.nl hasn't been working properly since about 6:40
>> U.S. Central. DNSsec resolution did not properly fail
>
> Indeed, it works, this is why it is broken :-)
>
> Seriously, the problem does not seem consistent: some RIPE Atlas
> probes with validation can resolve servfail.nl (the 11), others get a
> SERVFAIL (44 of them, the rest apparently do not validate).
This might be explained by the observation that at one point in time, a subset of the authoritative was returning valid RRSIGs, and the rest were returning invalid RRSIGs:
http://dnsviz.net/d/servfail.nl/W1mymg/dnssec/
Casey
More information about the dns-operations
mailing list