Hi all, I haven't seen anybody else mention this out loud, but since early last week (doing a DNSSEC workshop with NSRC at NZNOG 2013) we saw 8.8.8.8 giving secure answers when queried with EDNS0/DO=1.
The responding node of 8.8.8.8 we saw in Wellington was in Sydney, I think (routing out through REANZ) but I see the same thing from my desk at home so perhaps this is a widespread change. 8.8.8.8 doesn't seem to support NSID, ID.SERVER/CH/TXT or HOSTNAME.BIND/CH/TXT but I included a traceroute in case anybody is interested. The FAQ still says that responses are not validated, but perhaps there is a documentation gap. <https://developers.google.com/speed/public-dns/faq#dnssec> Joe [krill:~]% dig @8.8.8.8 hopcount.ca MX +dnssec ; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 hopcount.ca MX +dnssec ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21782 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 512 ;; QUESTION SECTION: ;hopcount.ca. IN MX ;; ANSWER SECTION: hopcount.ca. 21451 IN MX 10 mail.hopcount.ca. hopcount.ca. 21451 IN RRSIG MX 5 2 86400 20130218080658 20130119073027 37548 hopcount.ca. nZCKjUeb/yw6WKJjnHAkuGUWQJ4z0bAZ5A4Q/TCeUXHTlLXW/a9Ax8Aj Dw/CymTAWDisKW2yAhi2M9iU5xeQog1+gHmPL+laqsDsEPweYV21+o1W Zbb5jHyZKxlMqkW0QYaly4aE7USC4RLqAW+zJkP78Jz0qe/yy1mjddW0 6Ec= ;; Query time: 102 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Mon Jan 28 11:32:45 2013 ;; MSG SIZE rcvd: 232 [krill:~]% [krill:~]% traceroute 8.8.8.8 traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets 1 office.r1.owls.hopcount.ca (199.212.90.1) 2.328 ms 1.608 ms 1.863 ms 2 216.235.0.30 (216.235.0.30) 55.019 ms 54.184 ms 55.669 ms 3 216.235.0.133 (216.235.0.133) 66.517 ms 62.202 ms 57.321 ms 4 gw-google.torontointernetxchange.net (206.108.34.6) 84.828 ms 53.842 ms 57.366 ms 5 209.85.255.232 (209.85.255.232) 53.916 ms 216.239.47.114 (216.239.47.114) 55.641 ms 56.410 ms 6 72.14.236.224 (72.14.236.224) 75.079 ms 72.14.236.226 (72.14.236.226) 75.515 ms 74.957 ms 7 209.85.249.11 (209.85.249.11) 81.529 ms 72.14.239.93 (72.14.239.93) 81.668 ms 209.85.249.11 (209.85.249.11) 79.977 ms 8 72.14.238.16 (72.14.238.16) 80.152 ms 80.997 ms 72.14.238.18 (72.14.238.18) 80.736 ms 9 72.14.232.21 (72.14.232.21) 79.942 ms 93.158 ms 93.146 ms 10 google-public-dns-a.google.com (8.8.8.8) 80.808 ms 80.641 ms 79.708 ms [krill:~]%
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
