.mil nameserver problems?
david at ulevitch.com
Wed Feb 17 03:15:53 UTC 2010
On Tue, Feb 16, 2010 at 6:55 PM, Antonio Querubin <tony at lava.net> wrote:
> Anyone else noticing an increase in .mil nameserver problems today? Our
> resolvers aren't able to find NS info for various .mil domains such as
> pacom.mil and usfj.mil.
> % dig +trace pacom.mil
Actually, a number of the .mil zones are exceptionally broken, and
pacom.mil is no exception. :-)
The .mil TLD servers seem to have loaded the entire zones and are
serving borked zones as a result. For example, ask the TLD about
$ dig @PAC1.NIPR.mil. www.pacom.mil
; <<>> DiG 9.4.3-P3 <<>> @PAC1.NIPR.mil. www.pacom.mil
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35118
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.pacom.mil. IN A
;; ANSWER SECTION:
www.pacom.mil. 1722 IN CNAME www.pacom.mil.edgesuite.net.
www.pacom.mil.edgesuite.net. 401 IN CNAME a1112.g.akamai.net.
a1112.g.akamai.net. 20 IN A 188.8.131.52
a1112.g.akamai.net. 20 IN A 184.108.40.206
;; Query time: 234 msec
;; SERVER: 220.127.116.11#53(18.104.22.168)
;; WHEN: Tue Feb 16 19:14:13 2010
;; MSG SIZE rcvd: 133
And if you ask for an NS record for pacom.mil, it'll give you that,
but without an additional section despite having the answers, because
it thinks it is the authoritative for that zone (I'm guessing that
explains the behavior but don't know their software).
More information about the NANOG