Google resolvers got no response (i.e. timeout) for ipp.gov/dnskey from its authoritative name servers. If there is anyone on this list who manages ipp.gov DNS servers, please take a look. Our resolver IPs can be found at https://developers.google.com/speed/public-dns/faq#locations.
Thanks Yunhong (Google Public DNS) On Thu, May 30, 2013 at 12:03 PM, Casey Deccio <[email protected]> wrote: > On Thu, May 30, 2013 at 8:17 AM, Stephane Bortzmeyer <[email protected]> > wrote: > > On Thu, May 30, 2013 at 09:04:44AM -0600, > > Josh Galvez <[email protected]> wrote > > a message of 135 lines which said: > > > >> DNSSEC seems to be validating properly. > > > > Since Google Public DNS returns SERVFAIL even with the +cd option > > (Checking Disabled), I suspect that it is not a DNSSEC issue at all. > > > > That's not my experience: > > $ dig +cd @8.8.8.8 ipp.gov | grep status: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16884 > $ dig @8.8.8.8 ipp.gov | grep status: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57555 > > The resolvers seem to be choking on the DNSKEY (with or without CD): > > $ dig +cd @8.8.8.8 ipp.gov dnskey | grep status: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19590 > > Casey > >
