Hi,
Just started playing around with DNSSEC and testing from various
places WRT EDNS. I understand Google Public DNS is anycast (yes?) so
a given answer could be coming from a different 'pod' each time. Why
would I get a REFUSED, and then a success a few seconds later? Is
this a unique anycast instance tripping up on EDNS? Or something
more boring like a temporary resource strain ("slashdotted")?
Thanks in advance.
root@nexusone:/home/vom# dig +bufsize=4096 +dnssec @8.8.8.8 gov dnskey
; <<>> DiG 9.4.2 <<>> +bufsize=4096 +dnssec @8.8.8.8 gov dnskey
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 30342
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gov. IN DNSKEY
;; Query time: 138 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 15 18:37:58 2009
;; MSG SIZE rcvd: 21
root@nexusone:/home/vom# dig +bufsize=4096 +dnssec @8.8.8.8 gov dnskey
; <<>> DiG 9.4.2 <<>> +bufsize=4096 +dnssec @8.8.8.8 gov dnskey
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12800
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;gov. IN DNSKEY
;; ANSWER SECTION:
gov. 86400 IN DNSKEY 256 3 7 AwEAAZzsQ4vEhGwWTdbjdK7cl4hk8QI/
Cvf9jxGqsee7z8EIbxlGflhb GSxoeTob9WYP4pzewLqx8+xfIxmyqdXxBA/
qMrxTeyiexm4gNCHUM+3X
vxXhHRy61oO1UOclg9CqhvmMh2sqwtvbdvIoOIvF1aTL1GnGK9ZHl1a3
04NBaZ0F9ly2dMva+iNuKw8G9FSJzSCdsgmf+5MorOKljOdFvJChRkfX RayLFt/
dgUyjQ2v1hytyp/2Cp6b6v+BPAQxSf9uQsCZLnWs2xy6VwaqU 3uKx+TUesUpzKkUZ
+DREoLtHapKQI4nXIf21F5LRpgH/FI/AbNqjHdAr cxTuiEtBfe0=
gov. 86400 IN DNSKEY 256 3 7 AwEAAaQ6vDoHd2QDRBLwB
+n63RxnmJExvIcOz7uv9gM+l8QSMAJTTCDp qJ8R
+8UfYs97cn6LM3cT3kcl9V0GnjljNzNMk39W11Ej7htNcbf4u1n5
z2e4WsnpjQJJmKoWv2FORIfJmLKbxzGILSK13mrDUETj9onhdtOsjkhc K/7S+h1d
gov. 86400 IN DNSKEY 257 3 7 AwEAAZ1OCt7zZxeaROvzXNCNlqQWIi+
+p5ABXSoxqJ65WQko6xrI9RIm K7IBT5roFhXjBDGJ8ld9CYIEN94kK83K/QwUGCJ
+v3vIQFi09IqsPeRd
HTQyghWWbhzAZpnlZ16imXB4yFZjdbV2iM66KcgsESQMPEcIayDQJh6J
Ei1wmslrYvRRJ6YPOWrlLD0RmdtCaRuzlUE0RiWSem/i8vDFdmsSwChR
McORklKqjqt1+RBIiEFJGKIz7lGc9DXRwkBfb+halii+jrELiZAPzfO7
rf08l3QlgHEuxclTTdEaxctPd2O2U/Hl9tRgkxRL/Zv1i0sEx2mOJGcU CeVm4Hf2aM8=
gov. 86400 IN RRSIG DNSKEY 7 1 86400 20091220121705 20091215121705
26079 gov. mf+d5N5DNyEI77JlDe+8wJ4qHH0QZXQoSlPttdtNRVbsl21yazvBG3np
6QJzLUw71QN8DF2GXFTleB4EvFVwlLlp+1HxdGIyFMJWKyGsxtjd/4ko
CddfmqpmmkoRa8YyxPnS2T4226NL5sf6E8/HkA0W719UjDzDBLopi/nm HrSMcr7+zG/
soMoSqNJHQXqFwJQJ4TBeMLoDZBSWhABeTLsNz1jPDYw3
uKIs3DIyrjQK1snOYz9Dr39Ro1k6nTxgT5DDR55Pdu7Rzp7rEoiiiYRb
PIdoeWn4165wtk30yQ3kM0rXmwlBtH4gUWpyQ/ngwWbOjD+eGiJnwBOR 8q1dfA==
gov. 86400 IN RRSIG DNSKEY 7 1 86400 20091220121705 20091215121705
51998 gov. fxkU0XpHGe5ccHSUNwsOBDN5DfcUAB88Yrxx34esWS/rhlgnlhdLifc0
0Jmm6QISTONtSqvJrSpNS/M5OkqCxGGfNFBYVFr4khXD7iugecoJgKVa
EOb6ce9d3Lr70vl+VhAKn2/9DYyZJ9td5t582YnEhdMS6jlV1BaAdp2B YvQ=
;; Query time: 99 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Dec 15 18:37:59 2009
;; MSG SIZE rcvd: 1186
root@nexusone:/home/vom#
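
Added example, not part of the original post: a small DNS wire-format reader in Python that rebuilds the REFUSED reply from its printed header and checks whether a message carries an EDNS OPT record. The helper names and the rebuilt byte string are constructed for illustration; at 21 bytes (12-byte header plus the 9-byte question for gov. DNSKEY) that reply has no room for an OPT record, which matches the missing OPT PSEUDOSECTION in the first run.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TYPE_DNSKEY, TYPE_OPT, CLASS_IN = 48, 41, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, msg_id, bufsize=4096, do=True):
    """Query with RD set and one EDNS0 OPT record, mirroring +bufsize/+dnssec."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = flags (DO = 0x8000), RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, bufsize, 0x8000 if do else 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past the name at off (handles compression pointers)."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def summarize(msg):
    """Decode the header, then walk every record looking for an OPT pseudo-record."""
    mid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    edns = None
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            edns = {"udp": rclass, "do": bool(ttl & 0x8000)}
    return {"id": mid, "status": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "answers": an, "edns": edns, "size": len(msg)}

# Constructed sample: the REFUSED reply from the first dig run, rebuilt from its
# printed header (id 30342, flags qr rd ra, QUERY: 1, every other count 0).
REFUSED_REPLY = struct.pack("!HHHHHH", 30342, 0x8185, 1, 0, 0, 0) \
    + encode_name("gov") + struct.pack("!HH", TYPE_DNSKEY, CLASS_IN)
```

Running summarize() over replies captured from repeated queries and tallying status against the edns field shows whether the refusals line up with replies that drop the OPT record.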