[dns-operations] problems resolving army.mil and us.army.mil?
Christopher Morrow
morrowc.lists at gmail.com
Wed Aug 21 18:09:17 UTC 2013
On Wed, Aug 21, 2013 at 1:19 PM, Rose, Scott W. <scott.rose at nist.gov> wrote:
> >From appearances, the error is not DNSSEC related (army.mil is unsigned),
> but that no one can reach the army.mil servers. I see both SERVFAIL and
> "no servers could be reached" errors.
>
bummer, I thought i had seen dnssec problems :(
I wasn't looking as closely as I should have, clearly (see peanut
gallery portion of comment)
> As for requiring validation, the next version of the security controls for
> all Federal USG systems will require DNSSEC validation in the agency.
oh, that's good(er).
> This will likely be at the recursive resolver level, not the end system.
> http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
>
> That was published in 4/2013, so it won't be "in effect" until next April,
> but some agencies are doing validation now. We already hear of issues and
> some successes.
hurrah! it seems that like other internet-things, making more people
scream gets you the lube required to operationalize things better :)
(or I hope that's what the lube is for)
-chris
More information about the dns-operations
mailing list