dig -- only RRSIG present.
dE .
de.techno at gmail.com
Mon Feb 13 04:29:38 UTC 2012
On 02/13/12 08:29, Spain, Dr. Jeffry A. wrote:
>> As Tony Finch pointed out to me a few days ago, the Google public servers don't understand that fact about DS records, and don't know to ask for them in the parent. But here's something interesting - as of my testing just now, they *do* respond with DS records
> This thread has been kind of confusing, but looking again at the original post (https://lists.isc.org/pipermail/bind-users/2012-February/086586.html), the author was concerned about the lack of DS records in response to his queries. Those two queries, directed to Google's server at 8.8.8.8, were:
> dig +dnssec -t SOA org
> dig +dnssec -t SOA org 198.41.0.4
>
> I don't think any DS records should have been provided in the answers since SOA records were being requested. Your query:
> dig isc.org @8.8.8.8 ds +dnssec
> is requesting and receiving DS records, on the other hand.
>
> I also see Mark's post just now where 'dig @8.8.8.8 ds org.' returns SERVFAIL while 'dig @8.8.8.8 ds isc.org.' returns the appropriate DS records. The same thing happens for me with 'dig @8.8.8.8 ds net.' and 'dig @8.8.8.8 ds jaspain.net.', and with 'dig @8.8.8.8 ds com.' and 'dig @8.8.8.8 ds countryday.com.'. Clearly Google's server is malfunctioning in this regard.
>
> Jeffry A. Spain
> Network Administrator
> Cincinnati Country Day School
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
But another question remains, where's the DNSKEY record which's the
missing link as of the current time.
Querying --
dig +dnssec -t DNSKEY yahoo.com @198.41.0.4
Does not return anything.
More information about the bind-users
mailing list