[dns-operations] dnssec-failed.org and dns.google
Eliza
eli at ChinaBuckets.com
Wed Aug 14 06:49:30 UTC 2019
Hi,
on 2019/8/14 14:27, A. Schulze wrote:
> dnssec-failed.org is widely used to proof dnssec validation is in place.
> If someone can reach the domains webserver, the resolver behind the
> scene doesn't validate.
>
> now my monitoring alerted me about an unexpected answer:
>
>
> dig @8.8.8.8 dnssec-failed.org. +aaonly
I got SERVFAIL running the same command.
$ dig @8.8.8.8 dnssec-failed.org. +aaonly
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @8.8.8.8 dnssec-failed.org. +aaonly
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30903
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;dnssec-failed.org. IN A
;; Query time: 403 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Aug 14 14:48:20 HKT 2019
;; MSG SIZE rcvd: 46
More information about the dns-operations
mailing list