1.1.1.1 SERVFAIL for multiple US CDC websites

1.1.1.1 is unable to resolve multiple US CDC websites including ones for COVID-19 related data:

covid.cdc.gov
gis.cdc.gov

These problems started about a month ago for the GIS site. In my testing, a selection of other DNS sites are able to resolve these (such as 8.8.8.8).

From diagnostic tool:

It seems to fail at 8.8.8.8 for me as well. The issue is the covid.cdc.gov is an alias for covid.akam.cdc.gov:

$ kdig @ns1.cdc.gov covid.cdc.gov A +short
covid.akam.cdc.gov.
covid.cdc.gov.edgekey.net.

But akam.cdc.gov can’t resolve because it has a trust anchor but no key:

$ kdig @ns1.cdc.gov akam.cdc.gov DS +short
9861 10 2 DD184EC6BAAF5BC07022140AE080EFFE9ED379C57BACCEBDD2678DCE3988B867
$ kdig @ns1.cdc.gov akam.cdc.gov DNSKEY +short
<nothing>

I’ll try to reach out to CDC.

1 Like