[dns-operations] google DNS doing validation?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Jul 26 15:20:08 UTC 2018
On Thu, Jul 26, 2018 at 09:14:49AM -0600,
Casey Deccio <casey at deccio.net> wrote
a message of 26 lines which said:
> This might be explained by the observation that at one point in time, a subset of the authoritative was returning valid RRSIGs, and the rest were returning invalid RRSIGs:
>
> http://dnsviz.net/d/servfail.nl/W1mymg/dnssec/
It seems fixed now, they all return expired signatures:
http://dnsviz.net/d/servfail.nl/dnssec/
And the Atlas probes indeed get SERVFAIL (those who use a validating resolver):
% blaeu-resolve --dnssec -r 100 -q SOA --displayvalidation servfail.nl.
Probe 27884 failed (malformed DNS message)
[ERROR: NXDOMAIN] : 1 occurrences
[ERROR: SERVFAIL] : 46 occurrences
[ERROR: FORMERR] : 1 occurrences
[li1.forfun.net. hostmaster.forfun.net. 1532606883 86400 7200 2419200 60] : 43 occurrences
Test #15399233 done at 2018-07-26T15:17:56Z
More information about the dns-operations
mailing list