[dns-operations] cdc.gov bad behaviour
Brian Somers
bsomers at opendns.com
Thu Dec 17 21:02:59 UTC 2020
Anyone seeing this from the cdc.gov nameservers?
$ dig +cd +short ns akam.cdc.gov
a1-43.akam.net.
a2-64.akam.net.
a5-66.akam.net.
a8-67.akam.net.
a9-64.akam.net.
a28-65.akam.net.
$ dig +cd +short ns cdc.gov
ns1.cdc.gov.
ns2.cdc.gov.
ns3.cdc.gov.
icdc-us-ns1.cdc.gov.
icdc-us-ns2.cdc.gov.
icdc-us-ns3.cdc.gov.
$ dig +noall +ans +dnssec +nocrypt www.akam.cdc.gov @a1-43.akam.net
www.akam.cdc.gov. 20 IN A 23.197.246.11
www.akam.cdc.gov. 20 IN RRSIG A 10 4 20 20201220195717 20201217185717 11552 akam.cdc.gov. [omitted]
$ dig +noall +ans +dnssec +nocrypt www.akam.cdc.gov @ns1.cdc.gov
www.akam.cdc.gov. 3600 IN CNAME www.cdc.gov.edgekey.net.
Because cdc.gov nameservers are responding to queries below their
delegations, and they’re responding without signatures, they’re being
considered BOGUS.
I’ll dig up a .gov contact in the OARC portal….
—
Brian
More information about the dns-operations
mailing list