Google Public DNS Problems?

Blair Trosper blair.trosper at gmail.com
Wed May 1 17:12:10 UTC 2013


8.8.4.4 is now replying SERVFAIL whereas 8.8.8.8 is suddenly working fine
again...


On Wed, May 1, 2013 at 10:07 AM, Blair Trosper <blair.trosper at gmail.com>wrote:

> Goes all the way up to the A root server before failing spectacularly.
>
> Europa:~ blair$ dig +cd @8.8.8.8 google.com A
>
> ; <<>> DiG 9.8.3-P1 <<>> +cd @8.8.8.8 google.com A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47332
> ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;google.com. IN A
>
> ;; AUTHORITY SECTION:
> . 467 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013050100 1800
> 900 604800 86400
>
> ;; Query time: 46 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Wed May  1 10:05:46 2013
> ;; MSG SIZE  rcvd: 104
>
>
> On Wed, May 1, 2013 at 9:58 AM, Casey Deccio <casey at deccio.net> wrote:
>
>> On Wed, May 1, 2013 at 9:38 AM, Blair Trosper <blair.trosper at gmail.com>
>> wrote:
>> > That's all well and good, but I certainly wouldn't expect "nslookup
>> > gmail.com" or for "nslookup google.com" to return SERVFAIL
>> >
>>
>> If you set the CD (checking disabled) in the request, a response that
>> would normally be SERVFAIL due to DNSSEC validation failure will
>> return with the non-authenticated answer.  With dig the flag to add is
>> "+cd".  I don't know if there's an equivalent for nslookup.  For
>> example:
>>
>> dig +cd @8.8.8.8 google.com
>>
>> Casey
>>
>
>


More information about the NANOG mailing list