Cdc.gov not resolving

kovatsgeorge · December 11, 2020, 4:37pm

cdc.gov isn’t resolving?

nslookup www.cdc.gov
;; Got SERVFAIL reply from 1.1.1.1, trying next server
;; Got SERVFAIL reply from 1.0.0.1, trying next server
Server:		2606:4700:4700::1111
Address:	2606:4700:4700::1111#53
** server can't find www.cdc.gov: SERVFAIL

sdayman · December 11, 2020, 4:39pm

@mvavrusa was checking on this a while back. Maybe he’s found out what the problem was/is.

mvavrusa · December 11, 2020, 5:04pm

There’s a subset of nameservers for akam.cdc.gov that doesn’t return keys https://dnsviz.net/d/www.cdc.gov/dnssec/ so if you’re unlucky it’s going to fail. I added another workaround so it should be better.

kovatsgeorge · December 11, 2020, 5:14pm

Either I was unlucky or that worked. @mvavrusa looks good now on my end, thanks!

subwayjared · January 14, 2021, 5:36am

I had to disable DNSSEC on my DNS server to visit.

jglazko · January 16, 2021, 4:32pm

Agreed, having issues reaching cdc.gov this morning. Looks like culprit is as posted above. Maybe some more yet to add?

|Jan 16 11:08:37|unbound|56538:0|info: control cmd: dump_infra|
| --- | --- | --- | --- |
|Jan 16 11:08:35|unbound|56538:1|info: Could not establish a chain of trust to keys for akam.cdc.gov. DNSKEY IN|
|Jan 16 11:08:35|unbound|56538:1|info: Missing DNSKEY RRset in response to DNSKEY query.|
|Jan 16 11:08:35|unbound|56538:1|info: query response was nodata ANSWER|
|Jan 16 11:08:35|unbound|56538:1|info: reply from <.> 1.0.0.1#853|
|Jan 16 11:08:35|unbound|56538:1|info: response for akam.cdc.gov. DNSKEY IN|
|Jan 16 11:08:35|unbound|56538:3|info: Could not establish a chain of trust to keys for akam.cdc.gov. DNSKEY IN|
|Jan 16 11:08:35|unbound|56538:3|info: Missing DNSKEY RRset in response to DNSKEY query.|
|Jan 16 11:08:35|unbound|56538:3|info: query response was nodata ANSWER|
|Jan 16 11:08:35|unbound|56538:3|info: reply from <.> 1.0.0.1#853|
|Jan 16 11:08:35|unbound|56538:3|info: response for akam.cdc.gov. DNSKEY IN|

anquieta · March 5, 2021, 4:50am

@mvavrusa Issue with www.cdc.gov resolving seems to have re-emerged when using Cloudflare DNS over HTTPS. Using WARP doesn’t seem to have an issue though.

mvavrusa · March 5, 2021, 5:46am

Is it working better now? Some upstreams seem to be having trouble.

anquieta · March 5, 2021, 8:04pm

Sadly, no. Just retried.

Also want to correct my previous post. I’m using 1.1.1.1 with DNS over TLS (with unbound as a client).

anquieta · March 8, 2021, 6:55am

Reloaded unbound today and www.cdc.gov started resolving.

david.kassa · March 30, 2021, 9:44pm

I had this problem and it went away around the same time as this thread, but has returned for me today.

kovatsgeorge · March 30, 2021, 10:14pm

@mvavrusa Sorry, re-reading you earlier post - does it look like there’s something with akam.cdc.gov DNS that needs fixed? Not versed in DNS nuances - if this is enough to report up, I can escalate with their sysops folks.

anquieta · April 6, 2021, 8:20am

@mvavrusa Issue returned for me as well. Nothing cdc.gov resolves.

mvavrusa · April 6, 2021, 6:52pm

Thanks for letting me know! Hm, I don’t see any widespread problems. Can you add an example domain and/or https://1.1.1.1/help debug info?

anquieta · April 8, 2021, 12:55am

Seems to be working again…