8.8.4.4 is now replying SERVFAIL whereas 8.8.8.8 is suddenly working fine again...
On Wed, May 1, 2013 at 10:07 AM, Blair Trosper <blair.tros...@gmail.com> wrote:

> Goes all the way up to the A root server before failing spectacularly.
>
> Europa:~ blair$ dig +cd @8.8.8.8 google.com A
>
> ; <<>> DiG 9.8.3-P1 <<>> +cd @8.8.8.8 google.com A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47332
> ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;google.com. IN A
>
> ;; AUTHORITY SECTION:
> . 467 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013050100 1800 900 604800 86400
>
> ;; Query time: 46 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Wed May 1 10:05:46 2013
> ;; MSG SIZE rcvd: 104
>
>
> On Wed, May 1, 2013 at 9:58 AM, Casey Deccio <ca...@deccio.net> wrote:
>
>> On Wed, May 1, 2013 at 9:38 AM, Blair Trosper <blair.tros...@gmail.com>
>> wrote:
>> > That's all well and good, but I certainly wouldn't expect "nslookup
>> > gmail.com" or for "nslookup google.com" to return SERVFAIL
>> >
>>
>> If you set the CD (checking disabled) in the request, a response that
>> would normally be SERVFAIL due to DNSSEC validation failure will
>> return with the non-authenticated answer. With dig the flag to add is
>> "+cd". I don't know if there's an equivalent for nslookup. For
>> example:
>>
>> dig +cd @8.8.8.8 google.com
>>
>> Casey
>>
>
>
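
The CD-bit check discussed in the quoted thread, as an added example that is not part of the original messages: it builds the query that `dig +cd` sends, decodes a response header, and compares the same question asked without and with CD to tell a DNSSEC validation failure from any other SERVFAIL. The function names and the two `SAMPLE_` responses are constructed for illustration; `THREAD_CD_RESP` is rebuilt from the dig header quoted above.

```python
import struct

# Header flag bits (RFC 1035, with AD and CD from RFC 4035).
FLAGS = {"qr": 0x8000, "aa": 0x0400, "tc": 0x0200, "rd": 0x0100,
         "ra": 0x0080, "ad": 0x0020, "cd": 0x0010}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, cd=False, msg_id=0x1234):
    """Wire-format query with RD set; cd=True is what `dig +cd` adds."""
    flags = FLAGS["rd"] | (FLAGS["cd"] if cd else 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!6H", msg_id, flags, 1, 0, 0, 0)
    return header + qname + struct.pack("!2H", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    msg_id, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": msg_id,
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "flags": [n for n, bit in FLAGS.items() if flags & bit],
            "answers": an, "authority": ns}

def triage(plain_resp, cd_resp):
    """Compare the same question asked without and with the CD bit."""
    plain, cd = parse_header(plain_resp), parse_header(cd_resp)
    if "cd" not in cd["flags"]:
        return "inconclusive: CD bit not echoed in the second response"
    if plain["rcode"] != "SERVFAIL":
        return "no failure: " + plain["rcode"]
    if cd["rcode"] == "NOERROR":
        return "validation failure: answer only returned with CD set"
    return "not validation: " + cd["rcode"] + " persists with CD set"

# Header rebuilt from the dig output quoted in the thread:
# id 47332, flags qr rd ra cd, SERVFAIL, QUERY 1, ANSWER 0, AUTHORITY 1.
THREAD_CD_RESP = struct.pack("!6H", 47332, 0x8192, 1, 0, 1, 0)
# Constructed sample: the same failure seen without CD.
SAMPLE_PLAIN_RESP = struct.pack("!6H", 47331, 0x8182, 1, 0, 0, 0)
# Constructed sample: a CD response when validation was the cause.
SAMPLE_CD_OK = struct.pack("!6H", 47333, 0x8190, 1, 1, 0, 0)

if __name__ == "__main__":
    print(parse_header(THREAD_CD_RESP))
    print(triage(SAMPLE_PLAIN_RESP, THREAD_CD_RESP))
    print(triage(SAMPLE_PLAIN_RESP, SAMPLE_CD_OK))
```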