.mil nameserver problems?
marka at isc.org
Tue Feb 16 21:40:03 CST 2010
In message <589775371002161915h513bd247wcc4776856ed4487a at mail.gmail.com>, David
> On Tue, Feb 16, 2010 at 6:55 PM, Antonio Querubin <tony at lava.net> wrote:
> > Anyone else noticing an increase in .mil nameserver problems today? Our
> > resolvers aren't able to find NS info for various .mil domains such as
> > pacom.mil and usfj.mil.
> > % dig +trace pacom.mil
> Actually, a number of the .mil zones are exceptionally broken, and
> pacom.mil is no exception. :-)
> The .mil TLD servers seem to have loaded the entire zones and are
> serving borked zones as a result. For example, ask the TLD about
No. Just a failure to seperate authoritative and recursive functionality.
You can workout how many servers there are by looking at the TTL decays.
> $ dig @PAC1.NIPR.mil. www.pacom.mil
> ; <<>> DiG 9.4.3-P3 <<>> @PAC1.NIPR.mil. www.pacom.mil
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35118
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;www.pacom.mil. IN A
> ;; ANSWER SECTION:
> www.pacom.mil. 1722 IN CNAME www.pacom.mil.edgesuite
> www.pacom.mil.edgesuite.net. 401 IN CNAME a1112.g.akamai.net.
> a1112.g.akamai.net. 20 IN A 18.104.22.168
> a1112.g.akamai.net. 20 IN A 22.214.171.124
> ;; Query time: 234 msec
> ;; SERVER: 126.96.36.199#53(188.8.131.52)
> ;; WHEN: Tue Feb 16 19:14:13 2010
> ;; MSG SIZE rcvd: 133
> And if you ask for an NS record for pacom.mil, it'll give you that,
> but without an additional section despite having the answers, because
> it thinks it is the authoritative for that zone (I'm guessing that
> explains the behavior but don't know their software).
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG