[dns-operations] cdc.gov Contact

Viktor Dukhovni ietf-dane at dukhovni.org
Sat Jul 27 00:05:31 UTC 2024


On Fri, Jul 26, 2024 at 04:53:10PM -0500, Richard Laager via dns-operations wrote:

> I'm looking for a cdc.gov contact. I've already tried hostmaster at cdc.gov and
> cameron.dixon at cisa.dhs.gov with no luck.

The SOA RR for akam.cdc.gov (problem zone) lists as its "rname":

    adhelpdsk at cdc.gov

And the GOV opendata lists a security contact for cdc.gov of:

    ResponsibleDisclosure at hhs.gov

> According to a BIND developer:
> 
> "simply by querying for cdc.gov/NS first and only then querying for
> www.cdc.gov/A - the result will be a SERVFAIL... That's because the
> authoritative server set is different in gov. and in cdc.gov. and, in
> particular, all of the servers listed in the NS RRset at the child side of
> the zone cut return REFUSED to all queries for akam.cdc.gov and its
> subdomains.  That's why as soon as a resolver caches the child-side NS
> RRset, it will not be able to resolve anything inside the akam.cdc.gov zone"

This is correct, only the parent-side NS RRset includes nameservers that
are willing to delegate "akam.cdc.gov".

> gov. has NS records pointing to auth00.ns.uu.net. and auth100.ns.uu.net.
> that ns[123].cdc.gov. do not. I assume that's what he is referring to when
> he says the "authoritative server set is different in gov. and in cdc.gov."
> That should also be fixed.

Yes.

-- 
    Viktor.


More information about the dns-operations mailing list