Google Public DNS Problems?

Yang Yu yang.yu.list at gmail.com
Wed May 1 20:14:03 UTC 2013


It is very courteous to reply a SERVFAIL for requests being rate limited.

On Wed, May 1, 2013 at 1:17 PM, Andrew Fried <andrew.fried at gmail.com> wrote:
> Your IPs may have been rate limited...
>
> Andy
>
> Andrew Fried
> andrew.fried at gmail.com
>
> On 5/1/13 12:38 PM, Blair Trosper wrote:
>> That's all well and good, but I certainly wouldn't expect "nslookup
>> gmail.com" or for "nslookup google.com" to return SERVFAIL
>>
>>
>> On Wed, May 1, 2013 at 9:34 AM, Joe Abley <jabley at hopcount.ca> wrote:
>>
>>>
>>> On 2013-05-01, at 12:09, Blair Trosper <blair.trosper at gmail.com> wrote:
>>>
>>>> Is anyone else seeing this?  From Santa Clara, CA, on Comcast
>>>> Business...I'm getting SERVFAIL for any query I throw at 8.8.8.8 and
>>>> 8.8.4.4...
>>>>
>>>> Level 3's own public resolvers are fine for me, as are OpenDNS's
>>> resolvers.
>>>
>>> Google just turned on validation across the whole of 8.8.8.8 and 8.8.4.4.
>>> The expected behaviour in the case where a response does not validate is to
>>> return SERVFAIL to the client.
>>>
>>> You could check that the queries you are sending are not suffering from
>>> poor signing hygiene (e.g. use the handy-dandy dnsviz.net visualisation).
>>>
>>> If this is a repeatable, consistent problem even for unsigned zones (or
>>> for zones that you've verified are signed correctly) and especially if it's
>>> widespread you might want to call google on the nanog courtesy phone and
>>> have them look for collateral damage from their recent foray into 8.8.8.8
>>> validation.
>>>
>>> Raw output from dig/drill and traceroutes to 8.8.8.8/8.8.4.4 are highly
>>> recommended if you need to take this further.
>>>
>>>
>>> Joe
>



More information about the NANOG mailing list