On 02/13/12 08:29, Spain, Dr. Jeffry A. wrote:
As Tony Finch pointed out to me a few days ago, the Google public servers don't
understand that fact about DS records, and don't know to ask for them in the
parent. But here's something interesting - as of my testing just now, they *do*
respond with DS records
This thread has been kind of confusing, but looking again at the original post
(https://lists.isc.org/pipermail/bind-users/2012-February/086586.html), the
author was concerned about the lack of DS records in response to his queries.
Those two queries, directed to Google's server at 8.8.8.8, were:
dig +dnssec -t SOA org
dig +dnssec -t SOA org 198.41.0.4
I don't think any DS records should have been provided in the answers since SOA
records were being requested. Your query:
dig isc.org @8.8.8.8 ds +dnssec
is requesting and receiving DS records, on the other hand.
I also see Mark's post just now where 'dig @8.8.8.8 ds org.' returns SERVFAIL
while 'dig @8.8.8.8 ds isc.org.' returns the appropriate DS records. The same
thing happens for me with 'dig @8.8.8.8 ds net.' and 'dig @8.8.8.8 ds
jaspain.net.', and with 'dig @8.8.8.8 ds com.' and 'dig @8.8.8.8 ds
countryday.com.'. Clearly Google's server is malfunctioning in this regard.
Jeffry A. Spain
Network Administrator
Cincinnati Country Day School
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
But another question remains, where's the DNSKEY record which's the
missing link as of the current time.
Querying --
dig +dnssec -t DNSKEY yahoo.com @198.41.0.4
Does not return anything.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
