[ Quoting de.tec...@gmail.com at 23:10 on Feb 12 in dig -- only RRSIG pr...
]
I'm trying to see DNSSEC response of various sites; my DNS server is
8.8.8.8 (google's public DNS service)
Google's public resolvers don't handle DNSSEC very well...
grtz Miek
signature.asc
Description: Digital
Hello,
Bind9-esv-r6rc1 has crashed with the following error:
2012-02-12T12:21:56+04:00 crit [15716] general: critical: rbtdb.c:1552:
INSIST(!((void *)((node)-deadlink.prev) != (void *)(-1))) failed
2012-02-12T12:21:56+04:00 crit [15716] general: critical: exiting (due
to assertion failure)
On Sun, Feb 12, 2012 at 10:22:22AM -0800, Michael Sinatra wrote:
On 02/12/12 09:40, dE . wrote:
I'm trying to see DNSSEC response of various sites; my DNS server is
8.8.8.8 (google's public DNS service)
. . .
As we can see, the DNSKEY and DS RR is missing which's mandatory for
this to be of
8.8.8.8 returns servfail for me.
Note a RFC 1035 caching server should be be able to resolve dig ds org
though it may not return the response from the parent zone. It depends
on the cache state when the query is made.
Mark
% dig ds org @8.8.8.8
; DiG 9.7.3-P3 ds org @8.8.8.8
;; global
As Tony Finch pointed out to me a few days ago, the Google public servers
don't understand that fact about DS records, and don't know to ask for them
in the parent. But here's something interesting - as of my testing just now,
they *do* respond with DS records
This thread has been kind of
On 02/12/12 23:13, Miek Gieben wrote:
[ Quotingde.tec...@gmail.com at 23:10 on Feb 12 in dig -- only RRSIG pr...
]
I'm trying to see DNSSEC response of various sites; my DNS server is
8.8.8.8 (google's public DNS service)
Google's public resolvers don't handle DNSSEC very well...
grtz Miek
On 02/13/12 08:29, Spain, Dr. Jeffry A. wrote:
As Tony Finch pointed out to me a few days ago, the Google public servers don't
understand that fact about DS records, and don't know to ask for them in the
parent. But here's something interesting - as of my testing just now, they *do*
respond
On 02/13/12 10:13, Spain, Dr. Jeffry A. wrote:
But another question remains, where's the DNSKEY record which's the missing
link as of the current time.
Querying --
dig +dnssec -t DNSKEY yahoo.com @198.41.0.4
Does not return anything.
I think that yahoo.com is probably not a DNSSEC-signed zone
8 matches
Mail list logo