Google Public DNS Problems?

Blair Trosper blair.trosper at
Wed May 1 16:38:29 UTC 2013

That's all well and good, but I certainly wouldn't expect "nslookup" or for "nslookup" to return SERVFAIL

On Wed, May 1, 2013 at 9:34 AM, Joe Abley <jabley at> wrote:

> On 2013-05-01, at 12:09, Blair Trosper <blair.trosper at> wrote:
> > Is anyone else seeing this?  From Santa Clara, CA, on Comcast
> > Business...I'm getting SERVFAIL for any query I throw at and
> >
> >
> > Level 3's own public resolvers are fine for me, as are OpenDNS's
> resolvers.
> Google just turned on validation across the whole of and
> The expected behaviour in the case where a response does not validate is to
> return SERVFAIL to the client.
> You could check that the queries you are sending are not suffering from
> poor signing hygiene (e.g. use the handy-dandy visualisation).
> If this is a repeatable, consistent problem even for unsigned zones (or
> for zones that you've verified are signed correctly) and especially if it's
> widespread you might want to call google on the nanog courtesy phone and
> have them look for collateral damage from their recent foray into
> validation.
> Raw output from dig/drill and traceroutes to are highly
> recommended if you need to take this further.
> Joe

More information about the NANOG mailing list