[dns-operations] google DNS doing validation?

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Jul 26 15:20:08 UTC 2018

On Thu, Jul 26, 2018 at 09:14:49AM -0600,
 Casey Deccio <casey at deccio.net> wrote 
 a message of 26 lines which said:

> This might be explained by the observation that at one point in time, a subset of the authoritative was returning valid RRSIGs, and the rest were returning invalid RRSIGs:
> http://dnsviz.net/d/servfail.nl/W1mymg/dnssec/

It seems fixed now, they all return expired signatures:


And the Atlas probes indeed get SERVFAIL (those who use a validating resolver):

% blaeu-resolve --dnssec -r 100 -q SOA --displayvalidation servfail.nl.
Probe 27884 failed (malformed DNS message)
[ERROR: NXDOMAIN] : 1 occurrences 
[ERROR: SERVFAIL] : 46 occurrences 
[ERROR: FORMERR] : 1 occurrences 
[li1.forfun.net. hostmaster.forfun.net. 1532606883 86400 7200 2419200 60] : 43 occurrences 
Test #15399233 done at 2018-07-26T15:17:56Z

More information about the dns-operations mailing list