Google Public DNS Problems?

Casey Deccio casey at deccio.net
Wed May 1 16:58:23 UTC 2013


On Wed, May 1, 2013 at 9:38 AM, Blair Trosper <blair.trosper at gmail.com> wrote:
> That's all well and good, but I certainly wouldn't expect "nslookup
> gmail.com" or for "nslookup google.com" to return SERVFAIL
>

If you set the CD (checking disabled) in the request, a response that
would normally be SERVFAIL due to DNSSEC validation failure will
return with the non-authenticated answer.  With dig the flag to add is
"+cd".  I don't know if there's an equivalent for nslookup.  For
example:

dig +cd @8.8.8.8 google.com

Casey



More information about the NANOG mailing list