[162775] in North American Network Operators' Group

Re: Google Public DNS Problems?

daemon@ATHENA.MIT.EDU (Andrew Fried)
Wed May 1 13:17:34 2013

Date: Wed, 01 May 2013 13:17:18 -0400
From: Andrew Fried <andrew.fried@gmail.com>
To: nanog@nanog.org
In-Reply-To: <CAA5Ek4dfGsWk8Jzbk1-rXacYCyHy++vKwbC_os3f3u8RbPdu+w@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Your IPs may have been rate limited...

Andy

Andrew Fried
andrew.fried@gmail.com

On 5/1/13 12:38 PM, Blair Trosper wrote:
> That's all well and good, but I certainly wouldn't expect "nslookup
> gmail.com" or for "nslookup google.com" to return SERVFAIL
> 
> 
> On Wed, May 1, 2013 at 9:34 AM, Joe Abley <jabley@hopcount.ca> wrote:
> 
>>
>> On 2013-05-01, at 12:09, Blair Trosper <blair.trosper@gmail.com> wrote:
>>
>>> Is anyone else seeing this?  From Santa Clara, CA, on Comcast
>>> Business...I'm getting SERVFAIL for any query I throw at 8.8.8.8 and
>>> 8.8.4.4...
>>>
>>> Level 3's own public resolvers are fine for me, as are OpenDNS's
>> resolvers.
>>
>> Google just turned on validation across the whole of 8.8.8.8 and 8.8.4.4.
>> The expected behaviour in the case where a response does not validate is to
>> return SERVFAIL to the client.
>>
>> You could check that the queries you are sending are not suffering from
>> poor signing hygiene (e.g. use the handy-dandy dnsviz.net visualisation).
>>
>> If this is a repeatable, consistent problem even for unsigned zones (or
>> for zones that you've verified are signed correctly) and especially if it's
>> widespread you might want to call Google on the nanog courtesy phone and
>> have them look for collateral damage from their recent foray into 8.8.8.8
>> validation.
>>
>> Raw output from dig/drill and traceroutes to 8.8.8.8/8.8.4.4 are highly
>> recommended if you need to take this further.
>>
>>
>> Joe
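
One way to tell a validation-induced SERVFAIL from any other kind, as an added example that is not part of the original thread: ask the same question twice, once normally and once with the CD (checking disabled) header bit set, and compare the response codes. The function names and the sample responses are constructed for illustration; `ask()` is the only part that touches the network and the demo does not call it.

```python
import socket
import struct

NOERROR, SERVFAIL = 0, 2
RD, AD, CD = 0x0100, 0x0020, 0x0010  # header flag bits (RFC 1035, RFC 4035)

def build_query(name, qtype=1, cd=False, txid=0x1234):
    """Wire-format query with RD set; cd=True asks the resolver to skip validation."""
    header = struct.pack("!6H", txid, RD | (CD if cd else 0), 1, 0, 0, 0)
    labels = [l for l in name.split(".") if l]  # tolerate a trailing dot
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)

def parse_header(msg):
    """Return rcode, AD flag and answer count from a raw DNS response."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, _, _ = struct.unpack("!6H", msg[:12])
    return {"rcode": flags & 0x000F, "ad": bool(flags & AD), "ancount": ancount}

def classify(normal, with_cd):
    """Compare the responses to the same question sent without and with CD."""
    n, c = parse_header(normal), parse_header(with_cd)
    if n["rcode"] == SERVFAIL:
        if c["rcode"] == NOERROR:
            return "validation-failure"      # data exists but did not validate
        return "servfail-not-validation"     # look at reachability, not signing
    if n["rcode"] == NOERROR and n["ad"]:
        return "validated"
    return "no-validation-signal"

def ask(server, name, cd=False, timeout=3.0):
    """Send one UDP query to a resolver (needs network; not used by the demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, cd=cd), (server, 53))
        return s.recvfrom(4096)[0]

def sample_response(rcode, ad=False, cd=False, ancount=0):
    """Constructed 12-byte response header (QR, RD, RA set) for offline runs."""
    flags = 0x8000 | RD | 0x0080 | (AD if ad else 0) | (CD if cd else 0) | rcode
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)

if __name__ == "__main__":
    # Constructed case: SERVFAIL normally, NOERROR once validation is skipped.
    print(classify(sample_response(SERVFAIL), sample_response(NOERROR, cd=True, ancount=1)))
```

A SERVFAIL that persists with CD set is not explained by signing problems in the zone, which is the case where raw dig output and traceroutes become the useful evidence.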
