[dns-operations] dnssec-failed.org and dns.google
Puneet Sood
puneets at google.com
Wed Aug 14 17:54:16 UTC 2019
We are rolling back the breaking change. It should complete in less than a day.
Some of the incorrect results might persist a little longer due to
additional caching in our frontends.
On Wed, Aug 14, 2019 at 10:11 AM Warren Kumari <warren at kumari.net> wrote:
>
> [ Top-post ]
>
> Hi,
>
> Thanks for letting us know. Google Public DNS is aware of the issue --
> it's a bug related to a new feature / validation, and is being
> addressed now...
>
> W
>
> On Wed, Aug 14, 2019 at 9:26 AM Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> >
> > On Wed, Aug 14, 2019 at 08:27:54AM +0200, A. Schulze wrote:
> >
> > > ; <<>> DiG 9.10.3-P4-Debian <<>> @8.8.8.8 dnssec-failed.org. +aaonly
> > > ; (1 server found)
> > > ;; global options: +cmd
> > > ;; Got answer:
> > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54820
> > > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> > >
> > > ;; OPT PSEUDOSECTION:
> > > ; EDNS: version: 0, flags:; udp: 512
> > > ;; QUESTION SECTION:
> > > ;dnssec-failed.org. IN A
> > >
> > > ;; ANSWER SECTION:
> > > dnssec-failed.org. 7199 IN A 69.252.80.75
> >
> > I also see answers coming back, with the AD-bit set, from 8.8.{8.8,4.4},
> > but not 1.0.0.1, 1.1.1.1, 64.6.64.6 or 64.6.65.6.
> >
> > If validation were disabled, I'd at least expect the AD bit to be
> > off. Not clear what the reason might be.
> >
> > --
> > Viktor.
> > _______________________________________________
> > dns-operations mailing list
> > dns-operations at lists.dns-oarc.net
> > https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
> ---maf
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list