On Fri, Jul 26, 2024 at 04:53:10PM -0500, Richard Laager via dns-operations
wrote:
> I'm looking for a cdc.gov contact. I've already tried hostmas...@cdc.gov and
> cameron.di...@cisa.dhs.gov with no luck.
The SOA RR for akam.cdc.gov (problem zone) lists as its "rname":
adhelp...@cdc.gov
And the GOV opendata lists a security contact for cdc.gov of:
responsibledisclos...@hhs.gov
> According to a BIND developer:
>
> "simply by querying for cdc.gov/NS first and only then querying for
> www.cdc.gov/A - the result will be a SERVFAIL... That's because the
> authoritative server set is different in gov. and in cdc.gov. and, in
> particular, all of the servers listed in the NS RRset at the child side of
> the zone cut return REFUSED to all queries for akam.cdc.gov and its
> subdomains. That's why as soon as a resolver caches the child-side NS
> RRset, it will not be able to resolve anything inside the akam.cdc.gov zone"
This is correct, only the parent-side NS RRset includes nameservers that
are willing to delegate "akam.cdc.gov".
> gov. has NS records pointing to auth00.ns.uu.net. and auth100.ns.uu.net.
> that ns[123].cdc.gov. do not. I assume that's what he is referring to when
> he says the "authoritative server set is different in gov. and in cdc.gov."
> That should also be fixed.
Yes.
--
Viktor.
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
