[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Google Public DNS Problems?

On 2013-05-01, at 12:09, Blair Trosper <blair.trosper at gmail.com> wrote:

> Is anyone else seeing this?  From Santa Clara, CA, on Comcast
> Business...I'm getting SERVFAIL for any query I throw at and
> Level 3's own public resolvers are fine for me, as are OpenDNS's resolvers.

Google just turned on validation across the whole of and The expected behaviour in the case where a response does not validate is to return SERVFAIL to the client.

You could check that the queries you are sending are not suffering from poor signing hygiene (e.g. use the handy-dandy dnsviz.net visualisation).

If this is a repeatable, consistent problem even for unsigned zones (or for zones that you've verified are signed correctly) and especially if it's widespread you might want to call google on the nanog courtesy phone and have them look for collateral damage from their recent foray into validation.

Raw output from dig/drill and traceroutes to are highly recommended if you need to take this further.