Google Public DNS Now Supports DNSSEC Validation (original) (raw)
Tunasashimisaid...
Does Google publish any live statistics about the state of its DNS network?
Anonymous said...
I'm very happy that you're going full steam into DNSSEC and other DNS security best practices deployment, and want to advocate Google DNS to other people, but alas, you aren't actually compliant with the DNSSEC specifications at the moment for the simple reason that if the DO bit is not set in queries you aren't doing any validation. This is simply wrong; you should return SERVFAIL for any validation failure, to any client.
Cheers,
Sabahattin
Unknownsaid...
It is truly a great and helpful piece of information.
I am satisfied that you simply shared this useful information with us.
Please stay us informed like this. Thanks for sharing information.
David Filiatraultsaid...
Is there anyone at google assigned to do the work to get the google.com domain DSNSEC signed? We've got a chicken and egg problem where end users won't take the time to engage with DNSSEC if the sites they frequently access are not signed. If someone is working on it, what is the target deployment date/quarter?