2013/02/01

Google public DNS can support DNSSEC

Google has completed a marvelous job. Its four public resolvers at "8.8.8.8", "8.8.4.4", "2001:4860:4860::8888" and "2001:4860:4860::8844" can now support DNSSEC and perform signature validation.

[warren@dnssec ~]# dig +dnssec ds icann.org @2001:4860:4860::8844 | grep ad
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
[warren@dnssec ~]# dig +dnssec ds icann.org @2001:4860:4860::8888 | grep ad
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
[warren@dnssec ~]# dig +dnssec ds icann.org @8.8.8.8 | grep ad
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
[warren@dnssec ~]# dig +dnssec ds icann.org @8.8.4.4 | grep ad
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

My double thumb up to Google.

No comments: