nanog mailing list archives

Re: Google Public DNS Problems?

From: Joe Abley <jabley () hopcount ca>
Date: Wed, 1 May 2013 12:34:01 -0400


On 2013-05-01, at 12:09, Blair Trosper <blair.trosper () gmail com> wrote:

Is anyone else seeing this?  From Santa Clara, CA, on Comcast
Business...I'm getting SERVFAIL for any query I throw at 8.8.8.8 and
8.8.4.4...

Level 3's own public resolvers are fine for me, as are OpenDNS's resolvers.


Google just turned on validation across the whole of 8.8.8.8 and 8.8.4.4. The expected behaviour in the case where a 
response does not validate is to return SERVFAIL to the client.

You could check that the queries you are sending are not suffering from poor signing hygiene (e.g. use the handy-dandy 
dnsviz.net visualisation).

If this is a repeatable, consistent problem even for unsigned zones (or for zones that you've verified are signed 
correctly) and especially if it's widespread you might want to call google on the nanog courtesy phone and have them 
look for collateral damage from their recent foray into 8.8.8.8 validation.

Raw output from dig/drill and traceroutes to 8.8.8.8/8.8.4.4 are highly recommended if you need to take this further.


Joe

Current thread:

Google Public DNS Problems? Blair Trosper (May 01)
- Re: Google Public DNS Problems? Harry Hoffman (May 01)
- Re: Google Public DNS Problems? Joe Abley (May 01)
  - Re: Google Public DNS Problems? Blair Trosper (May 01)
    - Re: Google Public DNS Problems? Casey Deccio (May 01)
    - Re: Google Public DNS Problems? Blair Trosper (May 01)
    - Re: Google Public DNS Problems? Blair Trosper (May 01)
    - Re: Google Public DNS Problems? Tony Finch (May 01)
    - Re: Google Public DNS Problems? Jared Mauch (May 01)
    - Re: Google Public DNS Problems? Blair Trosper (May 01)
    - Re: Google Public DNS Problems? Livingood, Jason (May 01)
    - Re: Google Public DNS Problems? Andrew Fried (May 01)
    - Re: Google Public DNS Problems? Yang Yu (May 01)

(Thread continues...)