On Mon Jul 8 11:16:42 UTC 2019, Tony Finch dot at dotat.at wrote:
The main problem that I can see is 3 out of the 7 navy.mil DNS servers say that usno.navy.mil does not exist, so it's a matter of luck whether you'll be able to contact it or not.
Tony.
Great detective work, Tony! After a little "digging" of my own, I discovered it's even worse than that. There are no public-facing "authoritative" DNS servers for Navy.MIL (or USNO.Navy.MIL, as all of them are unreachable). The Navy.MIL DNS servers have *no authoritative data* for USNO; they all appear to be caching secondary servers. The giveaway is that the TTLs decrement between "dig" runs. (Possibly "split horizon" DNS servers that are internally referencing their other half. There's no way to tell from this side.) This also means that the primary server listed in the SOA is not the real primary. There must be a hidden primary and secondary DNS server somewhere, as the servers we can actually see have cached RRs (resource records). Someone hasn't thought out all of the implications of what they're doing.

When I was looking, only two of seven Navy.MIL DNS servers were returning NXDOMAIN for USNO.Navy.MIL. These were ns1.csd.disa.mil, the purported Navy.MIL primary DNS server (with no authoritative SOA RR), and updciftr01.csd.disa.mil. I could not reach *any* of the USNO.Navy.MIL DNS servers, period. (The Naval Oceanographic Portal (NoP) is up, as I was able to FTP to Tycho and MAIA. I'm going to have to add Psyche.USNO.Navy.MIL to my /etc/hosts, it seems, when I can figure out its IP address.)

I must agree that a guaranteed 28% failure rate for USNO.Navy.MIL DNS lookups is unacceptable. The USNO SOA points to hostmaster@usno.navy.mil and none of the hosts in that MX RR are reachable. Does anyone have the 'phone number of a responsible person at USNO proper? The Petty Officer who answered the 'phone at the main number was less than helpful... (I hesitate to call Jeff Prillaman about this issue.)
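
The check described in the message above (a TTL that counts down between two "dig" runs, with no authoritative-answer flag, marks a cached answer), as an added example that is not part of the original message. The zone obs.example., the server names and the dig-style output are constructed sample data, and the helper names are hypothetical.

```python
import re

STATUS = re.compile(r"status: (\w+)")
FLAGS = re.compile(r"^;; flags: ([a-z ]+);", re.M)
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$", re.M)

def sample(status, flags, ttl=None):
    """Build constructed dig-style output (sample data, not a real capture)."""
    out = f";; ->>HEADER<<- opcode: QUERY, status: {status}, id: 1\n;; flags: {flags}; QUERY: 1\n"
    if ttl is not None:
        out += f";; ANSWER SECTION:\nobs.example.\t{ttl}\tIN\tNS\tns1.obs.example.\n"
    return out

def parse_dig(text):
    """Return (rcode, header flags, {(name, type, rdata): ttl}) from dig output."""
    status = STATUS.search(text).group(1)
    flags = set(FLAGS.search(text).group(1).split())
    return status, flags, {(n, t, d): int(ttl) for n, ttl, t, d in RR.findall(text)}

def classify(first, second):
    """Compare two dig runs against one server, taken a few seconds apart."""
    s1, f1, t1 = parse_dig(first)
    s2, f2, t2 = parse_dig(second)
    if "NXDOMAIN" in (s1, s2):
        return "nxdomain"
    shared = t1.keys() & t2.keys()
    if not shared:
        return "inconclusive"
    # A cache serves the remaining lifetime, so its TTL falls between runs.
    if "aa" not in f2 and any(t2[k] < t1[k] for k in shared):
        return "caching"
    # An authoritative server sets aa and repeats the zone's configured TTL.
    if "aa" in f1 and "aa" in f2 and all(t1[k] == t2[k] for k in shared):
        return "authoritative"
    return "inconclusive"

def survey(runs):
    """Classify every server; also return the share that answers NXDOMAIN."""
    verdicts = {ns: classify(a, b) for ns, (a, b) in runs.items()}
    return verdicts, sum(v == "nxdomain" for v in verdicts.values()) / len(verdicts)

# Hypothetical servers for the constructed zone obs.example.
RUNS = {
    "ns-a.example.": (sample("NOERROR", "qr rd", 3412), sample("NOERROR", "qr rd", 3380)),
    "ns-b.example.": (sample("NXDOMAIN", "qr aa rd"), sample("NXDOMAIN", "qr aa rd")),
    "ns-c.example.": (sample("NOERROR", "qr aa rd", 3600), sample("NOERROR", "qr aa rd", 3600)),
    "ns-d.example.": (sample("NOERROR", "qr rd", 86), sample("NOERROR", "qr rd", 54)),
}

if __name__ == "__main__":
    print(survey(RUNS))
```

A server whose cached record is refreshed between the two runs shows a TTL that rises instead of falling; the code reports that case as inconclusive.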