[dns-operations] cdc.gov bad behaviour

Thu Dec 17 21:22:08 UTC 2020

It's an ongoing problem
https://lists.dns-oarc.net/pipermail/dns-operations/2020-September/020420.html

On Thu, 17 Dec 2020 at 13:18, Brian Somers <bsomers at opendns.com> wrote:
>
> Anyone seeing this from the cdc.gov nameservers?
>
>     $ dig +cd +short ns akam.cdc.gov
>     a1-43.akam.net.
>     a2-64.akam.net.
>     a5-66.akam.net.
>     a8-67.akam.net.
>     a9-64.akam.net.
>     a28-65.akam.net.
>
>     $ dig +cd +short ns cdc.gov
>     ns1.cdc.gov.
>     ns2.cdc.gov.
>     ns3.cdc.gov.
>     icdc-us-ns1.cdc.gov.
>     icdc-us-ns2.cdc.gov.
>     icdc-us-ns3.cdc.gov.
>
>     $ dig +noall +ans +dnssec +nocrypt www.akam.cdc.gov @a1-43.akam.net
>     www.akam.cdc.gov.       20      IN      A       23.197.246.11
>     www.akam.cdc.gov.       20      IN      RRSIG   A 10 4 20 20201220195717 20201217185717 11552 akam.cdc.gov. [omitted]
>
>     $ dig +noall +ans +dnssec +nocrypt www.akam.cdc.gov @ns1.cdc.gov
>     www.akam.cdc.gov.       3600    IN      CNAME   www.cdc.gov.edgekey.net.
>
> Because cdc.gov nameservers are responding to queries below their
> delegations, and they’re responding without signatures, they’re being
> considered BOGUS.
>
> I’ll dig up a .gov contact in the OARC portal….
>
> —
> Brian
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations