1.1.1.1 can't reach US .mil websites

Lolox · April 28, 2018, 12:49pm

Hello,

I use https://www.dibbs.bsm.dla.mil/ for work, but I can’t reach any of the .mil sites when using 1.1.1.1.

They all work with 8.8.8.8

tia

matteo · April 28, 2018, 1:28pm

I believe the issue is already known to the team.

But a new case is never bad as there are more info, would you mind following this?

Lolox · April 28, 2018, 1:43pm

Is there a way to get an ETA? I’ve been checking every 2 weeks but the issue persist.

matteo · April 28, 2018, 3:09pm

Will have to wait on @cs-cf on Monday I presume…

cs-cf · April 28, 2018, 3:12pm

I believe this probably the same root cause and is being addressed in a code change to the resolver in use itself:

Appreciate the additional data point though and have linked this thread to our internal tracking so we can update when a resolution is available.

cs-cf · April 28, 2018, 3:23pm

heh… checking in before I head out for the day.

matteo · April 28, 2018, 3:25pm

So, you work on Saturdays too, have a great weekend!

mvavrusa · May 2, 2018, 11:53pm

Hi, the problem is that the www.dibbs.bsm.dla.mil in bsm.dla.mil zone has broken DNSSEC, so validating DNS resolvers will block the answer. We’ll try to reach out.

http://dnsviz.net/d/www.dibbs.bsm.dla.mil/dnssec/

war59312 · July 8, 2020, 10:09pm

Sad to see still not fixed.

nslookup web-mont02.mail.mil 1.1.1.1

Server: 1.1.1.1

Address: 1.1.1.1#53

** server can’t find web-mont02.mail.mil: SERVFAIL

nslookup web-mont02.mail.mil 8.8.8.8

Server: 8.8.8.8

Address: 8.8.8.8#53

Non-authoritative answer:

Name: web-mont02.mail.mil

Address: 156.112.76.42

OliverGrant · July 8, 2020, 11:17pm

@war59312,

Indeed. You would think that having mandated DNSsec for security reasons years ago our government would actually get around to making it work.

— OG

war59312 · July 8, 2020, 11:40pm

Yea, maybe once ARCYBER is really done migrating off WinXP

system · June 18, 2021, 9:50pm