On Wed, May 1, 2013 at 9:38 AM, Blair Trosper <blair.tros...@gmail.com> wrote: > That's all well and good, but I certainly wouldn't expect "nslookup > gmail.com" or for "nslookup google.com" to return SERVFAIL >
If you set the CD (checking disabled) in the request, a response that would normally be SERVFAIL due to DNSSEC validation failure will return with the non-authenticated answer. With dig the flag to add is "+cd". I don't know if there's an equivalent for nslookup. For example: dig +cd @8.8.8.8 google.com Casey