usno.navy.mil disappeared?
Anyone know what is going on with The US Naval Observatory? Usno.navy.mil appears to be completely unresolvable. Affecting access to tick and tock time servers. $ nslookup -type=NS usno.navy.mil 8.8.8.8 *** google-public-dns-a.google.com can't find usno.navy.mil: Server failed Server: google-public-dns-a.google.com Address: 8.8.8.8 -Steve S.
Looks like either a DNSSEC problem or their servers are down/unreachable. http://dnsviz.net/d/usno.navy.mil/dnssec/ - Jared
On Dec 21, 2018, at 9:48 AM, Steven Surdock via Outages <outages@outages.org> wrote:
Anyone know what is going on with The US Naval Observatory? Usno.navy.mil appears to be completely unresolvable. Affecting access to tick and tock time servers.
$ nslookup -type=NS usno.navy.mil 8.8.8.8 *** google-public-dns-a.google.com can't find usno.navy.mil: Server failed Server: google-public-dns-a.google.com Address: 8.8.8.8
-Steve S.
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
Actually, that is what I was going to say... and then I poked again and saw: $ dig ns usno.navy.mil @ns.cybercom.mil. ; <<>> DiG 9.11.1-P3 <<>> ns usno.navy.mil @ns.cybercom.mil. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13693 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;usno.navy.mil. IN NS ;; Query time: 52 msec ;; SERVER: 131.77.60.235#53(131.77.60.235) ;; WHEN: Fri Dec 21 09:56:49 EST 2018 ;; MSG SIZE rcvd: 42 navy.mil seems to be returning NXDOMAIN for usno.navy.mil (or, I haven't had sufficient coffee..) W On Fri, Dec 21, 2018 at 9:56 AM Jared Mauch via Outages <outages@outages.org> wrote:
Looks like either a DNSSEC problem or their servers are down/unreachable.
http://dnsviz.net/d/usno.navy.mil/dnssec/
- Jared
On Dec 21, 2018, at 9:48 AM, Steven Surdock via Outages < outages@outages.org> wrote:
Anyone know what is going on with The US Naval Observatory? Usno.navy.mil appears to be completely unresolvable. Affecting access to tick and tock time servers.
$ nslookup -type=NS usno.navy.mil 8.8.8.8 *** google-public-dns-a.google.com can't find usno.navy.mil: Server failed Server: google-public-dns-a.google.com Address: 8.8.8.8
-Steve S.
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
-- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
On 12/21/18 9:54 AM, Jared Mauch via Outages wrote:
Looks like either a DNSSEC problem or their servers are down/unreachable.
http://dnsviz.net/d/usno.navy.mil/dnssec/ shows a problem.
On Fri, Dec 21, 2018 at 02:48:03PM +0000, Steven Surdock via Outages <outages@outages.org> wrote a message of 13 lines which said:
Anyone know what is going on with The US Naval Observatory? Usno.navy.mil appears to be completely unresolvable.
Indeed, their four name servers do not reply to most packets. Sometimes, it works: % check-soa -i usno.navy.mil charon.usno.navy.mil. 199.211.133.5: OK: 201709123 (180 ms) metis.usnogps.navy.mil. Cannot get the IPv4 address: read udp 127.0.0.1:57410->127.0.0.1:53: i/o timeout psyche.usno.navy.mil. 192.5.41.214: OK: 201709123 (181 ms) tycho.usnogps.navy.mil. Cannot get the IPv6 address: read udp 127.0.0.1:59763->127.0.0.1:53: i/o timeout And sometimes not: % check-soa -i usno.navy.mil charon.usno.navy.mil. 199.211.133.5: ERROR: read udp 10.10.86.133:50346->199.211.133.5:53: i/o timeout metis.usnogps.navy.mil. Cannot get the IPv4 address: read udp 127.0.0.1:51404->127.0.0.1:53: i/o timeout psyche.usno.navy.mil. 192.5.41.214: ERROR: read udp 10.10.86.133:34181->192.5.41.214:53: i/o timeout tycho.usnogps.navy.mil. Cannot get the IPv6 address: read udp 127.0.0.1:50038->127.0.0.1:53: i/o timeout RIPE Atlas probes see a majority of failures: % blaeu-resolve -r 250 -q NS usno.navy.mil [ERROR: NXDOMAIN] : 150 occurrences [ERROR: SERVFAIL] : 14 occurrences [charon.usno.navy.mil. metis.usnogps.navy.mil. psyche.usno.navy.mil. tycho.usnogps.navy.mil.] : 81 occurrences Test #18414784 done at 2018-12-21T14:58:04Z May be a DoS? But I'm surprised by the number of NXDOMAIN (unresponding servers should trigger SERVFAIL or timeout).
weird Name: www.usno.navy.mil Address: 199.211.133.90 On Fri, Dec 21, 2018 at 8:49 AM Steven Surdock via Outages < outages@outages.org> wrote:
Anyone know what is going on with The US Naval Observatory? Usno.navy.mil appears to be completely unresolvable. Affecting access to tick and tock time servers.
$ nslookup -type=NS usno.navy.mil 8.8.8.8 *** google-public-dns-a.google.com can't find usno.navy.mil: Server failed Server: google-public-dns-a.google.com Address: 8.8.8.8
-Steve S.
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
Also, their cert is bad. On Fri, Dec 21, 2018 at 10:11 AM u tube via Outages <outages@outages.org> wrote:
weird Name: www.usno.navy.mil Address: 199.211.133.90
On Fri, Dec 21, 2018 at 8:49 AM Steven Surdock via Outages < outages@outages.org> wrote:
Anyone know what is going on with The US Naval Observatory? Usno.navy.mil appears to be completely unresolvable. Affecting access to tick and tock time servers.
$ nslookup -type=NS usno.navy.mil 8.8.8.8 *** google-public-dns-a.google.com can't find usno.navy.mil: Server failed Server: google-public-dns-a.google.com Address: 8.8.8.8
-Steve S.
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
Only three of the seven nameserver is responding with a valid response for USNO. $ dig +short NS navy.mil @192.168.83.1 updciftr01.csd.disa.mil. uforiftr01.csd.disa.mil. updciftr02.csd.disa.mil. ns.jtfgno.mil. ns1.csd.disa.mil. ns.cybercom.mil. uforiftr02.csd.disa.mil. $ dig NS usno.navy.mil @updciftr01.csd.disa.mil ; <<>> DiG 9.11.2-P1 <<>> NS usno.navy.mil @updciftr01.csd.disa.mil ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58668 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;usno.navy.mil. IN NS ;; Query time: 101 msec ;; SERVER: 215.65.126.180#53(215.65.126.180) ;; WHEN: Fri Dec 21 10:20:49 EST 2018 ;; MSG SIZE rcvd: 42 $ dig NS usno.navy.mil @uforiftr01.csd.disa.mil ; <<>> DiG 9.11.2-P1 <<>> NS usno.navy.mil @uforiftr01.csd.disa.mil ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32614 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;usno.navy.mil. IN NS ;; Query time: 155 msec ;; SERVER: 214.23.245.4#53(214.23.245.4) ;; WHEN: Fri Dec 21 10:21:13 EST 2018 ;; MSG SIZE rcvd: 42 $ dig NS usno.navy.mil @updciftr02.csd.disa.mil ; <<>> DiG 9.11.2-P1 <<>> NS usno.navy.mil @updciftr02.csd.disa.mil ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14166 ;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;usno.navy.mil. IN NS ;; ANSWER SECTION: usno.navy.mil. 29 IN NS metis.usnogps.navy.mil. usno.navy.mil. 29 IN NS psyche.usno.navy.mil. usno.navy.mil. 29 IN NS tycho.usnogps.navy.mil. usno.navy.mil. 29 IN NS charon.usno.navy.mil. ;; Query time: 92 msec ;; SERVER: 215.65.126.181#53(215.65.126.181) ;; WHEN: Fri Dec 21 10:21:22 EST 2018 ;; MSG SIZE rcvd: 132 $ dig NS usno.navy.mil @ns.jtfgno.mil ; <<>> DiG 9.11.2-P1 <<>> NS usno.navy.mil @ns.jtfgno.mil ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44129 ;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;usno.navy.mil. IN NS ;; ANSWER SECTION: usno.navy.mil. 18 IN NS charon.usno.navy.mil. usno.navy.mil. 18 IN NS psyche.usno.navy.mil. usno.navy.mil. 18 IN NS metis.usnogps.navy.mil. usno.navy.mil. 18 IN NS tycho.usnogps.navy.mil. ;; Query time: 67 msec ;; SERVER: 214.3.125.231#53(214.3.125.231) ;; WHEN: Fri Dec 21 10:21:34 EST 2018 ;; MSG SIZE rcvd: 132 $ dig NS usno.navy.mil @ns1.csd.disa.mil ; <<>> DiG 9.11.2-P1 <<>> NS usno.navy.mil @ns1.csd.disa.mil ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63005 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;usno.navy.mil. IN NS ;; Query time: 81 msec ;; SERVER: 152.229.110.235#53(152.229.110.235) ;; WHEN: Fri Dec 21 10:24:28 EST 2018 ;; MSG SIZE rcvd: 42 $ dig NS usno.navy.mil @ns.cybercom.mil ; <<>> DiG 9.11.2-P1 <<>> NS usno.navy.mil @ns.cybercom.mil ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37378 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;usno.navy.mil. IN NS ;; Query time: 81 msec ;; SERVER: 131.77.60.235#53(131.77.60.235) ;; WHEN: Fri Dec 21 10:21:52 EST 2018 ;; MSG SIZE rcvd: 42 $ dig NS usno.navy.mil @uforiftr02.csd.disa.mil ; <<>> DiG 9.11.2-P1 <<>> NS usno.navy.mil @uforiftr02.csd.disa.mil ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64041 ;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;usno.navy.mil. IN NS ;; ANSWER SECTION: usno.navy.mil. 286 IN NS tycho.usnogps.navy.mil. usno.navy.mil. 286 IN NS charon.usno.navy.mil. usno.navy.mil. 286 IN NS psyche.usno.navy.mil. usno.navy.mil. 286 IN NS metis.usnogps.navy.mil. ;; Query time: 168 msec ;; SERVER: 214.23.245.5#53(214.23.245.5) ;; WHEN: Fri Dec 21 10:22:10 EST 2018 ;; MSG SIZE rcvd: 132 From: Scott Grant <sgrant@anwsd.org> Sent: Friday, December 21, 2018 10:12 AM To: u tube <utube3805@gmail.com> Cc: Steven Surdock <ssurdock@engineered-net.com>; outages@outages.org Subject: Re: [outages] usno.navy.mil disappeared? Also, their cert is bad. On Fri, Dec 21, 2018 at 10:11 AM u tube via Outages <outages@outages.org<mailto:outages@outages.org>> wrote: weird Name: www.usno.navy.mil<http://www.usno.navy.mil> Address: 199.211.133.90 On Fri, Dec 21, 2018 at 8:49 AM Steven Surdock via Outages <outages@outages.org<mailto:outages@outages.org>> wrote: Anyone know what is going on with The US Naval Observatory? Usno.navy.mil<http://Usno.navy.mil> appears to be completely unresolvable. Affecting access to tick and tock time servers. $ nslookup -type=NS usno.navy.mil<http://usno.navy.mil> 8.8.8.8 *** google-public-dns-a.google.com<http://google-public-dns-a.google.com> can't find usno.navy.mil<http://usno.navy.mil>: Server failed Server: google-public-dns-a.google.com<http://google-public-dns-a.google.com> Address: 8.8.8.8 -Steve S. _______________________________________________ Outages mailing list Outages@outages.org<mailto:Outages@outages.org> https://puck.nether.net/mailman/listinfo/outages _______________________________________________ Outages mailing list Outages@outages.org<mailto:Outages@outages.org> https://puck.nether.net/mailman/listinfo/outages
Unless you’re a member of the DOD you won’t have their CA installed: https://www.cpms.osd.mil/Subpage/DODRootCertificates/ Sent from ProtonMail Mobile On Fri, Dec 21, 2018 at 09:12, Scott Grant via Outages <outages@outages.org> wrote:
Also, their cert is bad.
On Fri, Dec 21, 2018 at 10:11 AM u tube via Outages <outages@outages.org> wrote:
weird Name: www.usno.navy.mil Address: 199.211.133.90
On Fri, Dec 21, 2018 at 8:49 AM Steven Surdock via Outages <outages@outages.org> wrote:
Anyone know what is going on with The US Naval Observatory? Usno.navy.mil appears to be completely unresolvable. Affecting access to tick and tock time servers.
$ nslookup -type=NS usno.navy.mil 8.8.8.8 *** google-public-dns-a.google.com can't find usno.navy.mil: Server failed Server: google-public-dns-a.google.com Address: 8.8.8.8
-Steve S.
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
On Fri, Dec 21, 2018 at 09:04:56AM -0600, u tube via Outages <outages@outages.org> wrote a message of 82 lines which said:
weird Name: www.usno.navy.mil Address: 199.211.133.90
As often with the Internet, "it depends". It depends on your location (more on the AS than on the city you're in). That's why it is important to use several vantage points (like the RIPE Atlas probes). It also depends on time: in the last minutes, I've seen the name servers replying/timeouting.
Could also be a result returned from cache. Clear it or query a NS directly and see if it actually still resolves. Christopher Conley Systems Administrator | Fors Marsh Group Arlington, VA 22201 -----Original Message----- From: Outages <outages-bounces@outages.org> On Behalf Of Stephane Bortzmeyer via Outages Sent: Friday, December 21, 2018 10:21 AM To: u tube <utube3805@gmail.com> Cc: outages@outages.org Subject: Re: [outages] usno.navy.mil disappeared? On Fri, Dec 21, 2018 at 09:04:56AM -0600, u tube via Outages <outages@outages.org> wrote a message of 82 lines which said:
weird Name: www.usno.navy.mil Address: 199.211.133.90
As often with the Internet, "it depends". It depends on your location (more on the AS than on the city you're in). That's why it is important to use several vantage points (like the RIPE Atlas probes). It also depends on time: in the last minutes, I've seen the name servers replying/timeouting. _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
participants (9)
-
Christopher Conley -
Gary Gapinski -
Geeknik Labs -
Jared Mauch -
Scott Grant -
Stephane Bortzmeyer -
Steven Surdock -
u tube -
Warren Kumari