[161945] in North American Network Operators' Group
Re: Google public DNS flapping/non-functional
daemon@ATHENA.MIT.EDU (Casey Deccio)
Thu Mar 28 17:27:41 2013
In-Reply-To: <CAA5Ek4e2oFqeLBKqr4k_oSz=Q37DB8a+7JC2EC2k1MrfHqrofQ@mail.gmail.com>
Date: Thu, 28 Mar 2013 14:22:40 -0700
From: Casey Deccio <casey@deccio.net>
To: Blair Trosper <blair.trosper@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Mar 28, 2013 at 11:51 AM, Blair Trosper <blair.trosper@gmail.com>wrote:
> Could someone from Google contact me off list to discuss the public
> resolvers?
>
> I'm getting NXDOMAIN and then a proper response literally one second later.
> And from there it's just 20 GOTO 10...the resolver seems to be having a
> psychotic episode, or...at the very least...an identity crisis.
>
>
These symptoms have been seen on DNSSEC validating resolvers when they
encounter a signed zone that is misconfigured. Google has recently begun
DNSSEC validation, so it could very well be related, depending the
configuration of the zone in question, including whether or not it is
signed, and Google's resolver/validator implementation.
Casey
