[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google Public DNS Problems?
That's all well and good, but I certainly wouldn't expect "nslookup
gmail.com" or for "nslookup google.com" to return SERVFAIL
On Wed, May 1, 2013 at 9:34 AM, Joe Abley <jabley at hopcount.ca> wrote:
> On 2013-05-01, at 12:09, Blair Trosper <blair.trosper at gmail.com> wrote:
> > Is anyone else seeing this? From Santa Clara, CA, on Comcast
> > Business...I'm getting SERVFAIL for any query I throw at 188.8.131.52 and
> > 184.108.40.206...
> > Level 3's own public resolvers are fine for me, as are OpenDNS's
> Google just turned on validation across the whole of 220.127.116.11 and 18.104.22.168.
> The expected behaviour in the case where a response does not validate is to
> return SERVFAIL to the client.
> You could check that the queries you are sending are not suffering from
> poor signing hygiene (e.g. use the handy-dandy dnsviz.net visualisation).
> If this is a repeatable, consistent problem even for unsigned zones (or
> for zones that you've verified are signed correctly) and especially if it's
> widespread you might want to call google on the nanog courtesy phone and
> have them look for collateral damage from their recent foray into 22.214.171.124
> Raw output from dig/drill and traceroutes to 126.96.36.199/188.8.131.52 are highly
> recommended if you need to take this further.