On 28.01.2013 17:35, Joe Abley wrote:
I haven't seen anybody else mention this out loud, but since early last week
(doing a DNSSEC workshop with NSRC at NZNOG 2013) we saw 8.8.8.8 giving secure
answers when queried with EDNS0/DO=1.
It appears they're validating _only_ when queried with DO=1:
dig badsig.dnstest.hauke-lampe.de @8.8.8.8 -> status: NOERROR
dig +dnssec badsig.dnstest.hauke-lampe.de @8.8.8.8 -> status: SERVFAIL
Still no alternative to a local validating resolver but a big step in
the right direction, I think.
Hauke.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
