[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[public-dns-discuss] Re: Google Public DNS Not Resolving WWW.FBO.GOV



OpenDNS does not validate DNSSEC. Of the other public DNS resolvers that do, Cloudflare and Verisign are returning SERVFAIL, while Quad9 seems to have a negative trust anchor in place. If you're a Comcast customer, you can see what they have done (I suspect they might have an NTA in place too).

; <<>> DiG 9.11.2-P1-1-Debian <<>> +noedns +nostats www.fbo.gov @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25373
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.fbo.gov. IN A


; <<>> DiG 9.11.2-P1-1-Debian <<>> +noedns +nostats www.fbo.gov @9.9.9.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59081
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.fbo.gov. IN A

;; ANSWER SECTION:
www.fbo.gov. 10800 IN CNAME gov02-987274352.us-east-1.elb.amazonaws.com.
gov02-987274352.us-east-1.elb.amazonaws.com. 60 IN A 34.199.150.14
gov02-987274352.us-east-1.elb.amazonaws.com. 60 IN A 52.200.214.90


; <<>> DiG 9.11.2-P1-1-Debian <<>> +noedns +nostats www.fbo.gov @64.6.64.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4800
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.fbo.gov. IN A

--
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
To post to this group, send email to public-dns-discuss AT googlegroups.com.
Visit this group at https://groups.google.com/group/public-dns-discuss.
To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/c1c9f837-c327-4164-8556-d19a109ed97c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.