This is very positive - I hope more recursive resolvers start to adopt DNSSEC as well.
Jason On 1/29/13 3:05 AM, "Mansoor Nathani" <mnath...@winvive.com> wrote: >I guess its only a matter of time before they start validating all >requests. And more importantly returning SERVFAIL for invalid hosts. > >Mansoor > >On Tue, Jan 29, 2013 at 2:04 AM, Marco Davids <mdav...@forfun.net> wrote: > >> This is interesting news; it seems that Google's Public DNS is >> performing DNSSEC validation (when the DO-bit is set): >> >> dig +dnssec +multi www.dnssec.nl @8.8.8.8 >> >> ; <<>> DiG 9.9.1-vjs163.18-P1 <<>> +dnssec +multi www.dnssec.nl @8.8.8.8 >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51937 >> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 >> >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags: do; udp: 512 >> ;; QUESTION SECTION: >> ;www.dnssec.nl. IN A >> >> ;; ANSWER SECTION: >> www.dnssec.nl. 21580 IN A 213.154.228.160 >> www.dnssec.nl. 21580 IN RRSIG A 8 3 86400 ( >> 20130227071505 20130128071505 33084 dnssec.nl. >> J9MzudQJHT7UEFZDxioAeOSARqvN87stHIiXLdl1f6ZB >> I3UGSqKIOlYpuaM7a6jk8k8oajUkGEHGOxa9ypJQHvlv >> mAE6noaI5sZh6R6lnkd48zGs/xPg4BNODG2zNb3I/lQ3 >> 2ojQtcs9AIMDEtH5+XISuwvPre5hhYkneM6mtUc= ) >> >> ;; Query time: 28 msec >> ;; SERVER: 8.8.8.8#53(8.8.8.8) >> ;; WHEN: Tue Jan 29 08:03:53 2013 >> ;; MSG SIZE rcvd: 227 >> >> -- >> Marco Davids >> >> >>
