Re: Google Public DNS Problems?

[Yang Yu <yang.yu.list () gmail com>]

It is very courteous to reply a SERVFAIL for requests being rate limited.

On Wed, May 1, 2013 at 1:17 PM, Andrew Fried <andrew.fried () gmail com> wrote:
> Your IPs may have been rate limited...
>
> Andy
>
> Andrew Fried
> andrew.fried () gmail com
>
> On 5/1/13 12:38 PM, Blair Trosper wrote:
> > That's all well and good, but I certainly wouldn't expect "nslookup
> > gmail.com" or for "nslookup google.com" to return SERVFAIL
> >
> >
> > On Wed, May 1, 2013 at 9:34 AM, Joe Abley <jabley () hopcount ca> wrote:
> >
> > > On 2013-05-01, at 12:09, Blair Trosper <blair.trosper () gmail com> wrote:
> > >
> > > > Is anyone else seeing this?  From Santa Clara, CA, on Comcast
> > > > Business...I'm getting SERVFAIL for any query I throw at 8.8.8.8 and
> > > > 8.8.4.4...
> > > >
> > > > Level 3's own public resolvers are fine for me, as are OpenDNS's
> > > resolvers.
> > >
> > > Google just turned on validation across the whole of 8.8.8.8 and 8.8.4.4.
> > > The expected behaviour in the case where a response does not validate is to
> > > return SERVFAIL to the client.
> > >
> > > You could check that the queries you are sending are not suffering from
> > > poor signing hygiene (e.g. use the handy-dandy dnsviz.net visualisation).
> > >
> > > If this is a repeatable, consistent problem even for unsigned zones (or
> > > for zones that you've verified are signed correctly) and especially if it's
> > > widespread you might want to call google on the nanog courtesy phone and
> > > have them look for collateral damage from their recent foray into 8.8.8.8
> > > validation.
> > >
> > > Raw output from dig/drill and traceroutes to 8.8.8.8/8.8.4.4 are highly
> > > recommended if you need to take this further.
> > >
> > >
> > > Joe