[outages] [EXTERNAL] DNS SERVFAIL for nist.gov

Ullrich, Johannes jullrich at sans.edu
Mon Jun 14 06:51:59 EDT 2021 

are your local resolvers forwarding to 8.8.8.8?

I tried a small sample of public resolvers and only the google once
failed. Maybe DNSSEC? (looks like the NIST signature rotated yesterday)


1.1.1.1
gm.nist.gov. netops.nist.gov. 2889174 10800 1080 2419200 300

8.8.8.8
failed

8.8.4.4
failed

75.75.75.75
gm.nist.gov. netops.nist.gov. 2889174 10800 1080 2419200 300

9.9.9.9
gm.nist.gov. netops.nist.gov. 2889174 10800 1080 2419200 300






On 6/14/21 6:35 AM, Matthew Huff via Outages wrote:
> External email warning - This email originated outside the company. Please do not click links or open attachments unless you were expecting this communication. - SANS Security Team -
> 
> We have to query and compare against NIST time servers for FINRA compliance. This morning I noticed our systems are unable to DNS query the NIST time servers. Neither our local resolvers or google (8.8.8.8) work.
> 
> [root at bacall log]# dig @8.8.8.8 time-a-g.nist.gov
> 
> ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> @8.8.8.8 time-a-g.nist.gov
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36018
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;time-a-g.nist.gov.             IN      A
> 
> ;; Query time: 6 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Mon Jun 14 06:27:45 EDT 2021
> ;; MSG SIZE  rcvd: 46
> 
> [root at bacall log]# dig @8.8.8.8 nist.gov in soa
> 
> ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> @8.8.8.8 nist.gov in soa
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17779
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;nist.gov.                      IN      SOA
> 
> ;; Query time: 5 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Mon Jun 14 06:31:59 EDT 2021
> ;; MSG SIZE  rcvd: 37
> 
> The time servers are documented here: https://urldefense.com/v3/__https://tf.nist.gov/tf-cgi/servers.cgi__;!!MlQdS1fu!DZRm9lRTouO4RyYpsdoZy2u792hhsKWBND7n9t0k6c_z15nmXjO3j7ufO18Zog$
> 
> Using the IP addresses work, it look like the nist.gov domain is offline.
> 
> Matthew Huff | Director of Technical Operations | OTA Management LLC
> 
> Office: 914-460-4039
> mhuff at ox.comhttps://urldefense.com/v3/__http://www.ox.com__;!!MlQdS1fu!DZRm9lRTouO4RyYpsdoZy2u792hhsKWBND7n9t0k6c_z15nmXjO3j7s2_kXJlQ$
> ...........................................................................................................................................
> 
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://urldefense.com/v3/__https://puck.nether.net/mailman/listinfo/outages__;!!MlQdS1fu!DZRm9lRTouO4RyYpsdoZy2u792hhsKWBND7n9t0k6c_z15nmXjO3j7vlVeiO4w$
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/pipermail/outages/attachments/20210614/dd2c6eac/attachment.sig>

More information about the Outages mailing list