[dns-operations] glb.cdc.gov nameservers not accepting TCP

Viktor Dukhovni ietf-dane at dukhovni.org
Wed Oct 20 18:01:44 UTC 2021

On Wed, Oct 20, 2021 at 10:46:21AM -0700, Tim Maestas wrote:

> Anyone have a contact for CDC.gov (or glb.cdc.gov - other than
> hostmaster at cdc.gov which I've already reached out to)?
> A response to a +DO query for DNSKEY glb.cdc.gov is 1253 bytes.  If the
> EDNS bufsize is <1253 the nameservers for glb.cdc.gov are setting TC=1
> however they do not seem to be accepting TCP queries.

This is IIRC a well-known longstanding issue.  It'd be good to see it
resolved.  The "Security Contact Email" for cdc.gov is:

    <ResponsibleDisclosure at hhs.gov>

which also suggests perhaps reaching out to HHS as well:

    <hostmaster at psc.hhs.gov>


More information about the dns-operations mailing list