[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[public-dns-discuss] Re: Google Public DNS Not Resolving WWW.FBO.GOV



Got it.  Learning more about DNSSEC through the process.  Validated same with some other public DNS services that do check DNSSEC.  I suspect a lot of them probably have an NTA in place for a LOT of .gov websites!  ;)

I have an open ticket with GSA's Federal Service Desk (fsd.gov) regarding the issue.  I've passed along the screenshots/logs to help them sort it out.  Appreciate the assist and quick response!


On Thursday, January 3, 2019 at 11:37:52 AM UTC-5, Alex Dupuy wrote:
OpenDNS does not validate DNSSEC. Of the other public DNS resolvers that do, Cloudflare and Verisign are returning SERVFAIL, while Quad9 seems to have a negative trust anchor in place. If you're a Comcast customer, you can see what they have done (I suspect they might have an NTA in place too).

; <<>> DiG 9.11.2-P1-1-Debian <<>> +noedns +nostats www.fbo.gov @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25373
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.fbo.gov. IN A


; <<>> DiG 9.11.2-P1-1-Debian <<>> +noedns +nostats www.fbo.gov @9.9.9.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59081
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.fbo.gov. IN A

;; ANSWER SECTION:
www.fbo.gov. 10800 IN CNAME gov02-987274352.us-east-1.elb.amazonaws.com.
gov02-987274352.us-east-1.elb.amazonaws.com. 60 IN A 34.199.150.14
gov02-987274352.us-east-1.elb.amazonaws.com. 60 IN A 52.200.214.90


; <<>> DiG 9.11.2-P1-1-Debian <<>> +noedns +nostats www.fbo.gov @64.6.64.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4800
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.fbo.gov. IN A

--
You received this message because you are subscribed to the Google Groups "public-dns-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
To post to this group, send email to public-dns-discuss AT googlegroups.com.
Visit this group at https://groups.google.com/group/public-dns-discuss.
To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/4ded89db-ec50-4f02-9ec2-a127aff251f4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.