.mil nameserver problems?

Mark Andrews marka at isc.org
Tue Feb 16 21:40:03 CST 2010


In message <589775371002161915h513bd247wcc4776856ed4487a at mail.gmail.com>, David
 Ulevitch writes:
> On Tue, Feb 16, 2010 at 6:55 PM, Antonio Querubin <tony at lava.net> wrote:
> > Anyone else noticing an increase in .mil nameserver problems today? Our
> > resolvers aren't able to find NS info for various .mil domains such as
> > pacom.mil and usfj.mil.
> >
> > % dig +trace pacom.mil
> >
> 
> Actually, a number of the .mil zones are exceptionally broken, and
> pacom.mil is no exception. :-)
> 
> The .mil TLD servers seem to have loaded the entire zones and are
> serving borked zones as a result.  For example, ask the TLD about
> www.pacom.mil:

No.  Just a failure to seperate authoritative and recursive functionality.
You can workout how many servers there are by looking at the TTL decays.
 
> $ dig @PAC1.NIPR.mil. www.pacom.mil
> 
> ; <<>> DiG 9.4.3-P3 <<>> @PAC1.NIPR.mil. www.pacom.mil
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35118
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.pacom.mil.			IN	A
> 
> ;; ANSWER SECTION:
> www.pacom.mil.		1722	IN	CNAME	www.pacom.mil.edgesuite
> .net.
> www.pacom.mil.edgesuite.net. 401 IN	CNAME	a1112.g.akamai.net.
> a1112.g.akamai.net.	20	IN	A	209.107.205.160
> a1112.g.akamai.net.	20	IN	A	209.107.205.88
> 
> ;; Query time: 234 msec
> ;; SERVER: 199.252.180.234#53(199.252.180.234)
> ;; WHEN: Tue Feb 16 19:14:13 2010
> ;; MSG SIZE  rcvd: 133
> 
> And if you ask for an NS record for pacom.mil, it'll give you that,
> but without an additional section despite having the answers, because
> it thinks it is the authoritative for that zone (I'm guessing that
> explains the behavior but don't know their software).
> 
> -David
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org




More information about the NANOG mailing list