[dns-operations] 8.8.8.8 not supporting removing DS

Robert Martin-Legene rlegene at gmail.com
Thu Nov 21 19:02:50 UTC 2024


Hi Josh.

Thank you for your idea.

A TLD operator will not perform steps to flush cache operators' caches.
There is an expectation about honoring TTL. Either way, the scenario sounds
more like a bug.

PS:
DS TTL in parent was 1h and the resolution failure lasted many hours past
this.



On Thu, 21 Nov 2024, 13:30 Josh Luthman, <josh at imaginenetworksllc.com>
wrote:

> Did you try a flush?
>
> https://developers.google.com/speed/public-dns/cache
>
> On Thu, Nov 21, 2024, 11:23 AM Robert Martin-Legene <rlegene at gmail.com>
> wrote:
>
>> Google's recursive DNS seems to dislike a registry operator removing DS
>> for some of their zones in parent zones, while still signing parent and
>> child properly. Even the now absence of DS is properly signed.
>>
>> The response is SERVFAIL even though the TTL has long since expired in
>> all caches.  Also, there is no DS in their cache when queried about DS.
>>
>> All other known open recursive providers seem to adhere to the expected
>> behaviour.
>>
>> Is this a bug, Google?
>>
>> Feel free to contact me directly if you need specific zone names.
>>
>> --
>> Robert Martin-Legene
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>
>