[162797] in North American Network Operators' Group
Re: Google Public DNS Problems?
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Wed May 1 17:07:02 2013
In-Reply-To: <CAFwKRnTtmR2M8Khwf6PspAsKgmi4Y1o0+fP_KaHJNHE49_-cww@mail.gmail.com>
Date: Wed, 1 May 2013 17:03:36 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Yang Yu <yang.yu.list@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, May 1, 2013 at 4:14 PM, Yang Yu <yang.yu.list@gmail.com> wrote:
> It is very courteous to reply a SERVFAIL for requests being rate limited.
>
>
I believe the 'rate-limit' response is actually 'no response' ... though I
haven't tested this myself :)
> On Wed, May 1, 2013 at 1:17 PM, Andrew Fried <andrew.fried@gmail.com>
> wrote:
> > Your IPs may have been rate limited...
> >
> > Andy
> >
> > Andrew Fried
> > andrew.fried@gmail.com
> >
> > On 5/1/13 12:38 PM, Blair Trosper wrote:
> >> That's all well and good, but I certainly wouldn't expect "nslookup
> >> gmail.com" or for "nslookup google.com" to return SERVFAIL
> >>
> >>
> >> On Wed, May 1, 2013 at 9:34 AM, Joe Abley <jabley@hopcount.ca> wrote:
> >>
> >>>
> >>> On 2013-05-01, at 12:09, Blair Trosper <blair.trosper@gmail.com>
> wrote:
> >>>
> >>>> Is anyone else seeing this? From Santa Clara, CA, on Comcast
> >>>> Business...I'm getting SERVFAIL for any query I throw at 8.8.8.8 and
> >>>> 8.8.4.4...
> >>>>
> >>>> Level 3's own public resolvers are fine for me, as are OpenDNS's
> >>> resolvers.
> >>>
> >>> Google just turned on validation across the whole of 8.8.8.8 and
> 8.8.4.4.
> >>> The expected behaviour in the case where a response does not validate
> is to
> >>> return SERVFAIL to the client.
> >>>
> >>> You could check that the queries you are sending are not suffering from
> >>> poor signing hygiene (e.g. use the handy-dandy dnsviz.netvisualisation).
> >>>
> >>> If this is a repeatable, consistent problem even for unsigned zones (or
> >>> for zones that you've verified are signed correctly) and especially if
> it's
> >>> widespread you might want to call google on the nanog courtesy phone
> and
> >>> have them look for collateral damage from their recent foray into
> 8.8.8.8
> >>> validation.
> >>>
> >>> Raw output from dig/drill and traceroutes to 8.8.8.8/8.8.4.4 are
> highly
> >>> recommended if you need to take this further.
> >>>
> >>>
> >>> Joe
> >
>
>
