nanog mailing list archives
RE: Dns sometimes fails using Google DNS / automatic dnssec
From: Tony Finch <dot () dotat at>
Date: Thu, 15 Nov 2012 17:38:24 +0000
Jay Ford <jay-ford () uiowa edu> wrote:
It looks like if the server has the RRSIG RR, it returns it. For example, a query with +dnssec will cause it to cache the RRSIG, after which it returns it even if +dnssec not specified.
It's weird. If you repeatedly query 8.8.4.4 without the DO bit, you get a mixture of responses with and without an RRSIG and with varying TTLs. With DO it appears to consistently return an RRSIG in the answer and the TTL drops monotonically. 8.8.8.8 is similar except DO=0 replies don't include RRSIGs. (Querying from JANET UK and hitting some servers a lethargic 12ms away.) while sleep 1; do dig +dnssec @8.8.4.4 m1.mailplus.nl; done Tony. -- f.anthony.n.finch <dot () dotat at> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first.
Current thread:
- Dns sometimes fails using Google DNS / automatic dnssec MailPlus| David Hofstee (Nov 15)
- Re: Dns sometimes fails using Google DNS / automatic dnssec Yunhong Gu (Nov 15)
- RE: Dns sometimes fails using Google DNS / automatic dnssec MailPlus| David Hofstee (Nov 15)
- RE: Dns sometimes fails using Google DNS / automatic dnssec Jay Ford (Nov 15)
- Re: Dns sometimes fails using Google DNS / automatic dnssec Yunhong Gu (Nov 15)
- RE: Dns sometimes fails using Google DNS / automatic dnssec MailPlus| David Hofstee (Nov 19)
- RE: Dns sometimes fails using Google DNS / automatic dnssec Tony Finch (Nov 15)
- RE: Dns sometimes fails using Google DNS / automatic dnssec MailPlus| David Hofstee (Nov 15)
- Re: Dns sometimes fails using Google DNS / automatic dnssec Yunhong Gu (Nov 15)