.mil nameserver problems?

David Ulevitch david at ulevitch.com
Wed Feb 17 03:15:53 UTC 2010

On Tue, Feb 16, 2010 at 6:55 PM, Antonio Querubin <tony at lava.net> wrote:
> Anyone else noticing an increase in .mil nameserver problems today? Our
> resolvers aren't able to find NS info for various .mil domains such as
> pacom.mil and usfj.mil.
> % dig +trace pacom.mil

Actually, a number of the .mil zones are exceptionally broken, and
pacom.mil is no exception. :-)

The .mil TLD servers seem to have loaded the entire zones and are
serving borked zones as a result.  For example, ask the TLD about

$ dig @PAC1.NIPR.mil. www.pacom.mil

; <<>> DiG 9.4.3-P3 <<>> @PAC1.NIPR.mil. www.pacom.mil
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35118
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;www.pacom.mil.			IN	A

www.pacom.mil.		1722	IN	CNAME	www.pacom.mil.edgesuite.net.
www.pacom.mil.edgesuite.net. 401 IN	CNAME	a1112.g.akamai.net.
a1112.g.akamai.net.	20	IN	A
a1112.g.akamai.net.	20	IN	A

;; Query time: 234 msec
;; WHEN: Tue Feb 16 19:14:13 2010
;; MSG SIZE  rcvd: 133

And if you ask for an NS record for pacom.mil, it'll give you that,
but without an additional section despite having the answers, because
it thinks it is the authoritative for that zone (I'm guessing that
explains the behavior but don't know their software).


More information about the NANOG mailing list