DNSSEC validation fails on Google DNS

482 views
Skip to first unread message

jos...@gmail.com

unread,
Feb 10, 2020, 9:51:59 AM2/10/20
to public-dns-discuss
Google DNS gives me de following result when I resolve one of my domains.
Resolving does not work while DNSSEC validation fails.

The domain was checked using dnsviz.net and the verisign dnssec-debugger. Both report that the domain signing is correct.

A traffic capture on our DNS-server show proper responses when DNSKEY records are requested by the Google DNS-servers.

Any idea what is causing this problem?


Result for www.motivlab.nl/A with DNSSEC validation:

{
  "Status": 2,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": false,
  "Question": [
    {
      "name": "www.motivlab.nl.",
      "type": 1
    }
  ],
  "Comment": "DNSSEC validation failure. Could not get DNSKEY or DS records needed for validation. Check http://dnsviz.net/d/www.motivlab.nl/dnssec/ and http://dnssec-debugger.verisignlabs.com/www.motivlab.nl for errors"
}

Puneet Sood

unread,
Feb 22, 2020, 3:35:28 PM2/22/20
to public-dns-discuss
i can confirm this is still happening.
Reply all
Reply to author
Forward
0 new messages