This is very positive - I hope more recursive resolvers start to adopt
DNSSEC as well.
Jason
On 1/29/13 3:05 AM, Mansoor Nathani mnath...@winvive.com wrote:
I guess its only a matter of time before they start validating all
requests. And more importantly returning SERVFAIL for invalid hosts.
In the potentially interestingly and perhaps not so positive - one of the
common EDNS tests via Google pub DNS fails.
https://www.dns-oarc.net/oarc/services/replysizetest
;; ANSWER SECTION:
rs.dns-oarc.net. 58 IN CNAME rst.x479.rs.dns-oarc.net.
rst.x479.rs.dns-oarc.net. 57 IN CNAME
Mick O'Rourke mkorourke+na...@gmail.com wrote:
In the potentially interestingly and perhaps not so positive - one of the
common EDNS tests via Google pub DNS fails.
Google Public DNS's upstream behaviour is different depending on
whether its client demonstrate knowledge of DNSSEC:
Large EDNS
This is interesting news; it seems that Google's Public DNS is
performing DNSSEC validation (when the DO-bit is set):
dig +dnssec +multi www.dnssec.nl @8.8.8.8
; DiG 9.9.1-vjs163.18-P1 +dnssec +multi www.dnssec.nl @8.8.8.8
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY,
4 matches
Mail list logo