Google Public DNS Problems?

Andrew Fried andrew.fried at gmail.com
Wed May 1 17:17:18 UTC 2013


Your IPs may have been rate limited...

Andy

Andrew Fried
andrew.fried at gmail.com

On 5/1/13 12:38 PM, Blair Trosper wrote:
> That's all well and good, but I certainly wouldn't expect "nslookup
> gmail.com" or for "nslookup google.com" to return SERVFAIL
> 
> 
> On Wed, May 1, 2013 at 9:34 AM, Joe Abley <jabley at hopcount.ca> wrote:
> 
>>
>> On 2013-05-01, at 12:09, Blair Trosper <blair.trosper at gmail.com> wrote:
>>
>>> Is anyone else seeing this?  From Santa Clara, CA, on Comcast
>>> Business...I'm getting SERVFAIL for any query I throw at 8.8.8.8 and
>>> 8.8.4.4...
>>>
>>> Level 3's own public resolvers are fine for me, as are OpenDNS's
>> resolvers.
>>
>> Google just turned on validation across the whole of 8.8.8.8 and 8.8.4.4.
>> The expected behaviour in the case where a response does not validate is to
>> return SERVFAIL to the client.
>>
>> You could check that the queries you are sending are not suffering from
>> poor signing hygiene (e.g. use the handy-dandy dnsviz.net visualisation).
>>
>> If this is a repeatable, consistent problem even for unsigned zones (or
>> for zones that you've verified are signed correctly) and especially if it's
>> widespread you might want to call google on the nanog courtesy phone and
>> have them look for collateral damage from their recent foray into 8.8.8.8
>> validation.
>>
>> Raw output from dig/drill and traceroutes to 8.8.8.8/8.8.4.4 are highly
>> recommended if you need to take this further.
>>
>>
>> Joe



More information about the NANOG mailing list