[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[public-dns-discuss] Re: Single domain DNSSEC related issue apparently affecting only Google resolvers




On Monday, 17 September 2018 18:28:37 UTC+1, Phillip Baker wrote:
Hi

8.8.8.8/8.8.4.4 cannot currently resolve lchost.net (or hostnames under that domain)

This domain works fine with other open resolvers (Level3, OpenDNS, Quad1, Quad9, OARC DNSSEC Validating resolvers)

I can only get a result from Google's resolvers if I use the +cd flag (Step 4 - https://developers.google.com/speed/public-dns/docs/troubleshooting) to disable DNSSEC, but the domain is fine with other DNSSEC validating resolvers, and DNSViz etc is fine.

Google can resolve other domains on the same authoritative servers fine.

Any suggestions?


To add that this isn't just affecting a single client: this came to light because a customer reported that it wasn't resolving for them. I've now had at least 5 confirmed instances of this not resolving properly via Google's resolvers from around the UK., and have this morning validated that the same happens when querying 8.8.8.8 from datacentres in LA, Sydney and Singapore. This issue appears to be continuous, and appears to be consistent across the 8.8.8.8 anycast nodes.

http://dnsviz.net/d/lchost.net/dnssec/ suggests no problems (that are inside my sphere of control)

--
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
To post to this group, send email to public-dns-discuss AT googlegroups.com.
Visit this group at https://groups.google.com/group/public-dns-discuss.
To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/74bc2eb8-3863-4f29-8c1a-0dc2489de689%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.