> As Tony Finch pointed out to me a few days ago, the Google public servers > don't understand that fact about DS records, and don't know to ask for them > in the parent. But here's something interesting - as of my testing just now, > they *do* respond with DS records
This thread has been kind of confusing, but looking again at the original post (https://lists.isc.org/pipermail/bind-users/2012-February/086586.html), the author was concerned about the lack of DS records in response to his queries. Those two queries, directed to Google's server at 8.8.8.8, were: dig +dnssec -t SOA org dig +dnssec -t SOA org 198.41.0.4 I don't think any DS records should have been provided in the answers since SOA records were being requested. Your query: dig isc.org @8.8.8.8 ds +dnssec is requesting and receiving DS records, on the other hand. I also see Mark's post just now where 'dig @8.8.8.8 ds org.' returns SERVFAIL while 'dig @8.8.8.8 ds isc.org.' returns the appropriate DS records. The same thing happens for me with 'dig @8.8.8.8 ds net.' and 'dig @8.8.8.8 ds jaspain.net.', and with 'dig @8.8.8.8 ds com.' and 'dig @8.8.8.8 ds countryday.com.'. Clearly Google's server is malfunctioning in this regard. Jeffry A. Spain Network Administrator Cincinnati Country Day School _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
