I guess its only a matter of time before they start validating all requests. And more importantly returning SERVFAIL for invalid hosts.
Mansoor On Tue, Jan 29, 2013 at 2:04 AM, Marco Davids <mdav...@forfun.net> wrote: > This is interesting news; it seems that Google's Public DNS is > performing DNSSEC validation (when the DO-bit is set): > > dig +dnssec +multi www.dnssec.nl @8.8.8.8 > > ; <<>> DiG 9.9.1-vjs163.18-P1 <<>> +dnssec +multi www.dnssec.nl @8.8.8.8 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51937 > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags: do; udp: 512 > ;; QUESTION SECTION: > ;www.dnssec.nl. IN A > > ;; ANSWER SECTION: > www.dnssec.nl. 21580 IN A 213.154.228.160 > www.dnssec.nl. 21580 IN RRSIG A 8 3 86400 ( > 20130227071505 20130128071505 33084 dnssec.nl. > J9MzudQJHT7UEFZDxioAeOSARqvN87stHIiXLdl1f6ZB > I3UGSqKIOlYpuaM7a6jk8k8oajUkGEHGOxa9ypJQHvlv > mAE6noaI5sZh6R6lnkd48zGs/xPg4BNODG2zNb3I/lQ3 > 2ojQtcs9AIMDEtH5+XISuwvPre5hhYkneM6mtUc= ) > > ;; Query time: 28 msec > ;; SERVER: 8.8.8.8#53(8.8.8.8) > ;; WHEN: Tue Jan 29 08:03:53 2013 > ;; MSG SIZE rcvd: 227 > > -- > Marco Davids > > >
