[162769] in North American Network Operators' Group
Re: Google Public DNS Problems?
daemon@ATHENA.MIT.EDU (Joe Abley)
Wed May 1 12:34:17 2013
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <CAA5Ek4d+L0Xe+0ARFhXjOouM5+fMC6kEvN=Z8uZAK6+dGANMyA@mail.gmail.com>
Date: Wed, 1 May 2013 12:34:01 -0400
To: Blair Trosper <blair.trosper@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2013-05-01, at 12:09, Blair Trosper <blair.trosper@gmail.com> wrote:
> Is anyone else seeing this? =46rom Santa Clara, CA, on Comcast
> Business...I'm getting SERVFAIL for any query I throw at 8.8.8.8 and
> 8.8.4.4...
>=20
> Level 3's own public resolvers are fine for me, as are OpenDNS's =
resolvers.
Google just turned on validation across the whole of 8.8.8.8 and =
8.8.4.4. The expected behaviour in the case where a response does not =
validate is to return SERVFAIL to the client.
You could check that the queries you are sending are not suffering from =
poor signing hygiene (e.g. use the handy-dandy dnsviz.net =
visualisation).
If this is a repeatable, consistent problem even for unsigned zones (or =
for zones that you've verified are signed correctly) and especially if =
it's widespread you might want to call google on the nanog courtesy =
phone and have them look for collateral damage from their recent foray =
into 8.8.8.8 validation.
Raw output from dig/drill and traceroutes to 8.8.8.8/8.8.4.4 are highly =
recommended if you need to take this further.
Joe=
