dig -- only RRSIG present.
Spain, Dr. Jeffry A.
spainj at countryday.net
Mon Feb 13 02:59:42 UTC 2012
> As Tony Finch pointed out to me a few days ago, the Google public servers don't understand that fact about DS records, and don't know to ask for them in the parent. But here's something interesting - as of my testing just now, they *do* respond with DS records
This thread has been kind of confusing, but looking again at the original post (https://lists.isc.org/pipermail/bind-users/2012-February/086586.html), the author was concerned about the lack of DS records in response to his queries. Those two queries, directed to Google's server at 188.8.131.52, were:
dig +dnssec -t SOA org
dig +dnssec -t SOA org 184.108.40.206
I don't think any DS records should have been provided in the answers since SOA records were being requested. Your query:
dig isc.org @220.127.116.11 ds +dnssec
is requesting and receiving DS records, on the other hand.
I also see Mark's post just now where 'dig @18.104.22.168 ds org.' returns SERVFAIL while 'dig @22.214.171.124 ds isc.org.' returns the appropriate DS records. The same thing happens for me with 'dig @126.96.36.199 ds net.' and 'dig @188.8.131.52 ds jaspain.net.', and with 'dig @184.108.40.206 ds com.' and 'dig @220.127.116.11 ds countryday.com.'. Clearly Google's server is malfunctioning in this regard.
Jeffry A. Spain
Cincinnati Country Day School
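
The distinction drawn in the message above (a SOA query with +dnssec is answered with the SOA and its RRSIG, while DS records appear only when DS is the type queried) can be checked mechanically by listing the record types in dig's ANSWER section. The script below is an added example, not part of the original post; the zone names, key tags, digest and signature strings are constructed placeholders, and `answer_types` and `signed_answer_for` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed dig-style replies (placeholder names, key tags and signatures).
SOA_REPLY=';; QUESTION SECTION:
;example.            IN SOA

;; ANSWER SECTION:
example.  900 IN SOA   ns.example. hostmaster.example. 1 1800 900 604800 86400
example.  900 IN RRSIG SOA 7 1 900 20120301000000 20120209000000 12345 example. c2lnMQ==

;; AUTHORITY SECTION:
example.  900 IN NS    ns.example.
example.  900 IN RRSIG NS 7 1 900 20120301000000 20120209000000 12345 example. c2lnMg=='

DS_REPLY=';; ANSWER SECTION:
child.example. 3600 IN DS    54321 5 1 0123456789ABCDEF0123456789ABCDEF01234567
child.example. 3600 IN RRSIG DS 7 2 3600 20120301000000 20120209000000 12345 example. c2lnMw=='

# Print the record types found in the ANSWER section of dig output on stdin,
# space-separated; each RRSIG is shown with the type it covers, e.g. RRSIG(SOA).
answer_types() {
  awk '
    /^;; ANSWER SECTION:/ { in_ans = 1; next }
    /^;; / || /^$/        { in_ans = 0 }
    in_ans && $4 == "RRSIG" { out = out sep "RRSIG(" $5 ")"; sep = " "; next }
    in_ans                  { out = out sep $4; sep = " " }
    END { print out }
  '
}

# Succeed only if the answer holds records of type $1 and an RRSIG covering them.
# Usage: dig +dnssec ... | signed_answer_for DS
signed_answer_for() {
  types=" $(answer_types) "
  case $types in *" $1 "*) ;; *) return 1 ;; esac
  case $types in *" RRSIG($1) "*) ;; *) return 1 ;; esac
}

# Demo on the constructed replies: list the answer types of each.
printf '%s\n' "$SOA_REPLY" | answer_types
printf '%s\n' "$DS_REPLY"  | answer_types
```

Against a live resolver, pipe the output of a `dig +dnssec` query into either function in place of the constructed replies.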