[outages] NIST (time.nist.gov, etc) DNSSEC bogus
Mark Milhollan
mlm at pixelgate.net
Fri Aug 26 05:39:53 EDT 2016
On Fri, 26 Aug 2016, Stephane Bortzmeyer via Outages wrote:
>Several NIST services such as time.nist.gov or www.nist.gov are not
>reachable if you use a DNSSEC-validating resolver (as you
>should). These names are aliases to something under the broken zone
>glb.nist.gov.
>Also, there is no email in the SOA of nist.gov and the whois of .gov
>is not informative :-(
SOA for glb is better. I sent messages to the former and to
timeinfo at blouder.nist.gov around 0544Z but at this time of day it seems
unlikely anyone there will notice. According to dnsviz the problem
appeared sometime prior to 11 hours ago -- alas the previous test they
had was a year ago so not much isolation as to when.
/mark
More information about the Outages
mailing list