Google's Public DNS does DNSSEC validation
Marco Davids
mdavids at forfun.net
Tue Jan 29 07:04:06 UTC 2013
This is interesting news; it seems that Google's Public DNS is
performing DNSSEC validation (when the DO-bit is set):
dig +dnssec +multi www.dnssec.nl @8.8.8.8
; <<>> DiG 9.9.1-vjs163.18-P1 <<>> +dnssec +multi www.dnssec.nl @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51937
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;www.dnssec.nl. IN A
;; ANSWER SECTION:
www.dnssec.nl. 21580 IN A 213.154.228.160
www.dnssec.nl. 21580 IN RRSIG A 8 3 86400 (
20130227071505 20130128071505 33084 dnssec.nl.
J9MzudQJHT7UEFZDxioAeOSARqvN87stHIiXLdl1f6ZB
I3UGSqKIOlYpuaM7a6jk8k8oajUkGEHGOxa9ypJQHvlv
mAE6noaI5sZh6R6lnkd48zGs/xPg4BNODG2zNb3I/lQ3
2ojQtcs9AIMDEtH5+XISuwvPre5hhYkneM6mtUc= )
;; Query time: 28 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jan 29 08:03:53 2013
;; MSG SIZE rcvd: 227
--
Marco Davids
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4432 bytes
Desc: S/MIME-cryptografische ondertekening
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20130129/08e9ea4d/attachment.bin>
More information about the NANOG
mailing list