
[public-dns-discuss] Re: Error 18



We are working on solving the other issues; in the interim we found something else interesting:

Sometimes Google DNS issues an ANY request for our domains; we set the truncate bit to force TCP. Sometimes it appears Google DNS interprets that as a SERVFAIL and the subsequent A record requests get a SERVFAIL.

Two questions:

1) Does Google DNS issue ANY requests on its own (or does it just pass through what clients request)?
2) Why does Google DNS appear to sometimes interpret this as a SERVFAIL then negative cache it for all requests to a given domain?

For example, is there a sequence of things here that triggers some form of DDoS mitigation (something we should avoid)? Note our domains have a high request rate.

Thanks in advance for your help,

--Chris Gleba
VidScale, Inc

On Wednesday, January 31, 2018 at 1:17:39 PM UTC-5, cgl... AT vidscale.com wrote:
Thank you Alex!

On Tuesday, January 30, 2018 at 5:03:50 PM UTC-5, Alex Dupuy wrote:
Error 18 is a lame delegation.

http://dnsviz.net/d/large.40173-40326.geocity.unifieddeliverynetwork.net/dnssec/ shows some of the potential problems that might cause this, but foremost among them is that the name server names returned in referral responses are not the same as the NS records in the delegated zone itself.

Google Public DNS generally does not query for NS records, it uses only the NS records returned in the referral response from a parent zone or TLD.
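
The referral/zone NS mismatch described in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of Google Public DNS; the function names, host names and probe results are constructed, and the probe input is assumed to have been collected separately (for instance with non-recursive SOA queries to each server).

```python
# Added example: every name and probe result below is constructed sample data.

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def audit_delegation(parent_ns, child_ns, soa_probes):
    """Compare the NS set in the parent's referral with the NS set served at
    the child zone apex, and flag referral servers that are lame.

    soa_probes maps server name -> (rcode, aa_flag) seen when asking that
    server for the zone's SOA with recursion disabled (hypothetical input).
    """
    parent = {norm(n) for n in parent_ns}
    child = {norm(n) for n in child_ns}
    probes = {norm(k): v for k, v in soa_probes.items()}
    findings = []
    for ns in sorted(parent - child):
        findings.append(("referral-only", ns))  # parent lists it, zone does not
    for ns in sorted(child - parent):
        findings.append(("zone-only", ns))      # zone lists it, parent does not
    # A resolver that relies on the referral may query any server named there,
    # so each one must give an authoritative NOERROR answer for the zone.
    for ns in sorted(parent):
        rcode, aa = probes.get(ns, ("NO-RESPONSE", False))
        if rcode != "NOERROR" or not aa:
            findings.append(("lame", ns))
    return findings

# Constructed sample data
PARENT_REFERRAL = ["ns1.cdn-parent.example.", "ns2.cdn-parent.example."]
CHILD_APEX = ["NS1.cdn-parent.example.", "ns3.cdn-child.example."]
PROBES = {
    "ns1.cdn-parent.example.": ("NOERROR", True),
    "ns2.cdn-parent.example.": ("REFUSED", False),
    "ns3.cdn-child.example.": ("NOERROR", True),
}

if __name__ == "__main__":
    for kind, ns in audit_delegation(PARENT_REFERRAL, CHILD_APEX, PROBES):
        print(f"{kind:14} {ns}")
```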
