--Got it. Learning more about DNSSEC through the process. Validated same with some other public DNS services that do check DNSSEC. I suspect a lot of them probably have an NTA in place for a LOT of .gov websites! ;)I have an open ticket with GSA's Federal Service Desk (fsd.gov) regarding the issue. I've passed along the screenshots/logs to help them sort it out. Appreciate the assist and quick response!
On Thursday, January 3, 2019 at 11:37:52 AM UTC-5, Alex Dupuy wrote:OpenDNS does not validate DNSSEC. Of the other public DNS resolvers that do, Cloudflare and Verisign are returning SERVFAIL, while Quad9 seems to have a negative trust anchor in place. If you're a Comcast customer, you can see what they have done (I suspect they might have an NTA in place too).;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25373;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0;; QUESTION SECTION:;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59081;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0;; QUESTION SECTION:;; ANSWER SECTION:gov02-987274352.us-east-1.elb.amazonaws.com. 60 IN A 184.108.40.206gov02-987274352.us-east-1.elb.amazonaws.com. 60 IN A 220.127.116.11;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4800;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0;; QUESTION SECTION:
You received this message because you are subscribed to a topic in the Google Groups "public-dns-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/public-dns-discuss/voyFUl5Xg3Y/unsubscribe.
To unsubscribe from this group and all its topics, send an email to public-dns-discuss+unsubscribe AT googlegroups.com.
To post to this group, send email to public-dns-discuss AT googlegroups.com.
Visit this group at https://groups.google.com/group/public-dns-discuss.
To view this discussion on the web visit https://groups.google.com/d/msgid/public-dns-discuss/4ded89db-ec50-4f02-9ec2-a127aff251f4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.