[162772] in North American Network Operators' Group
Re: Google Public DNS Problems?
daemon@ATHENA.MIT.EDU (Casey Deccio)
Wed May 1 12:58:45 2013
In-Reply-To: <CAA5Ek4dfGsWk8Jzbk1-rXacYCyHy++vKwbC_os3f3u8RbPdu+w@mail.gmail.com>
Date: Wed, 1 May 2013 09:58:23 -0700
From: Casey Deccio <casey@deccio.net>
To: Blair Trosper <blair.trosper@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, May 1, 2013 at 9:38 AM, Blair Trosper <blair.trosper@gmail.com> wrote:
> That's all well and good, but I certainly wouldn't expect "nslookup
> gmail.com" or for "nslookup google.com" to return SERVFAIL
>
If you set the CD (checking disabled) in the request, a response that
would normally be SERVFAIL due to DNSSEC validation failure will
return with the non-authenticated answer. With dig the flag to add is
"+cd". I don't know if there's an equivalent for nslookup. For
example:
dig +cd @8.8.8.8 google.com
Casey
