medicare.gov / cms.gov DNSSEC Validation Failures

I'm looking for a DNS contact for medicare.gov (and cms.gov). They are
failing DNSSEC validation.

Emails to hostmaster, webmaster, and postmaster bounce, as does
dnsadmin@rdcms.eds.com (from their SOA) and dnsadmin@eds.com (from
eds.com's WHOIS). WHOIS for .gov is essentially empty.

HHS_ITIO_Service_Desk@hhs.gov was suggested to me, but a person at that
address said medicare.gov was not their responsibility and did not
provide any further contact information.

Thanks,
Richard

You should contact US-CERT. They will have contacts to help you resolve the issue.

Ditto. Similar to uspto.gov not too long ago.

Try posting to dns-operations.
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Almost certainly some *.gov DNS admins lurking there.

Cheers,
Nate Itkin

There's a thread going on about .gov DNSSEC changes going on. This could be the source of your issues.

Did you get a contact? If not, I know someone over there.

J

Seeing it still broken, I contacted someone over at Lockheed who
works over at CMS. They're escalating to "the appropriate
support vendor."

-cjp

Ditto.

Thank you both for forwarding this. Some progress has been made:

I received a response saying they believed they had it fixed. From my
testing, medicare.gov is fixed, but cms.gov is still broken (though in a
different way, I think). I replied as such and also requested corrected
SOA records.

Thanks again,
Richard

In message <1293658659.2817.17.camel@watermelon.coderich.net>, Richard Laager w

> > I'm looking for a DNS contact for medicare.gov (and cms.gov). They are
> > failing DNSSEC validation.
>
> Seeing it still broken, I contacted someone over at Lockheed who
> works over at CMS. They're escalating to "the appropriate
> support vendor."

Correct, cms.gov is still broken: the DS records don't match any of the
DNSKEY records. 10672 != 12456 or 27229

Mark

; <<>> DiG 9.6.0-APPLE-P2 <<>> ds cms.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21811
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cms.gov. IN DS

;; ANSWER SECTION:
cms.gov. 30410 IN DS 10672 5 1 F11F940C51B90CEB818350F1C7049DD8D54050D8
cms.gov. 30410 IN DS 10672 5 2 A99B67A100FD5EFD0E393FD0C87A6B00424B6A4A032637BC7A11D732 E05AD5BB

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec 31 00:12:23 2010
;; MSG SIZE rcvd: 109

; <<>> DiG 9.6.0-APPLE-P2 <<>> +cd dnskey +multi cms.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62756
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cms.gov. IN DNSKEY

;; ANSWER SECTION:
cms.gov. 349199 IN DNSKEY 256 3 5 (
        AwEAAaSsgUpPtXC4xOHnX//jDm4d4xegc9zupcXwICfm
        4jeBD+ZNHJeTSrxPnILqDb310Jxy6UDi6ye0ipOWG8z6
        b1oOwmF8LRnpWs+bi9X+AivagVXP2xQQe/pev8KrmMFs
        UcLZ1PX4w+GxNgsoUGre235fv9IM/EfdD33zSNxeA463
        ) ; key id = 12456
cms.gov. 349199 IN DNSKEY 257 3 5 (
        AwEAAbZbZW7J+O5/tSwDVrGsv5KDDB7HvItDVeQLvdpr
        GdyJPVlUvs+u87hsCDU96SwmicXTDGdWZFDmj3x22O4p
        dERsrKoKYpOAoNR3VLgXMToRZmUnaLZf/MqO+H/54PE7
        Ij7oorWmPJpIZrYzn28MMIiOkH1xOS7eDL2NZ4q06oDN
        vSDefX3HA5i2sUcOureEFUo6gUkLFkY/uPJ3y35A8uz1
        KvGd4851UAEfq76sawDl+3uKzETDS5grwmK58NbKKB2O
        5SAcAS3OxBMriKLUHjsPpwoxKoG5Mc+jA0egIn7tUAQU
        zzI0HHnspZvZUEbW18uMTFAQX2du2eyGcMwvGEs=
        ) ; key id = 27229

;; Query time: 304 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec 31 00:12:47 2010
;; MSG SIZE rcvd: 449
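
The comparison Mark describes (DS key tag 10672 against the two DNSKEY key ids) can be reproduced offline. The following is an added example, not part of the original thread: it recomputes each key tag from the DNSKEY RDATA (RFC 4034 Appendix B) and, going one step beyond the tag comparison, also checks the DS digest the way a validator would. The function names are illustrative; the record data is copied from the dig output above, with the SHA-256 digest written without the space dig inserts.

```python
import base64
import hashlib
import struct

DNSKEYS = [  # cms.gov DNSKEYs from the dig output: (flags, protocol, algorithm, base64 key)
    (256, 3, 5, """AwEAAaSsgUpPtXC4xOHnX//jDm4d4xegc9zupcXwICfm
        4jeBD+ZNHJeTSrxPnILqDb310Jxy6UDi6ye0ipOWG8z6
        b1oOwmF8LRnpWs+bi9X+AivagVXP2xQQe/pev8KrmMFs
        UcLZ1PX4w+GxNgsoUGre235fv9IM/EfdD33zSNxeA463"""),
    (257, 3, 5, """AwEAAbZbZW7J+O5/tSwDVrGsv5KDDB7HvItDVeQLvdpr
        GdyJPVlUvs+u87hsCDU96SwmicXTDGdWZFDmj3x22O4p
        dERsrKoKYpOAoNR3VLgXMToRZmUnaLZf/MqO+H/54PE7
        Ij7oorWmPJpIZrYzn28MMIiOkH1xOS7eDL2NZ4q06oDN
        vSDefX3HA5i2sUcOureEFUo6gUkLFkY/uPJ3y35A8uz1
        KvGd4851UAEfq76sawDl+3uKzETDS5grwmK58NbKKB2O
        5SAcAS3OxBMriKLUHjsPpwoxKoG5Mc+jA0egIn7tUAQU
        zzI0HHnspZvZUEbW18uMTFAQX2du2eyGcMwvGEs="""),
]
DS_RECORDS = [(10672, 5, 1, "F11F940C51B90CEB818350F1C7049DD8D54050D8"),  # (tag, alg, type, digest)
              (10672, 5, 2, "A99B67A100FD5EFD0E393FD0C87A6B00424B6A4A032637BC7A11D732E05AD5BB")]
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest types 1 and 2

def rdata(flags, protocol, algorithm, key_b64):
    """DNSKEY RDATA in wire format: flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode("".join(key_b64.split()))

def key_tag(rd):
    """Key tag per RFC 4034 Appendix B (valid for every algorithm except 1)."""
    total = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rd))
    return (total + (total >> 16)) & 0xFFFF

def wire_name(name):
    """Owner name in canonical (lowercase) wire format."""
    labels = [lab for lab in name.lower().split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def ds_matches(owner, ds, key):
    """True if the DS (tag, alg, digest type, hex digest) points at this DNSKEY."""
    tag, alg, dtype, digest = ds
    rd = rdata(*key)
    if key[2] != alg or key_tag(rd) != tag:
        return False
    return DIGESTS[dtype](wire_name(owner) + rd).hexdigest().upper() == digest.upper()

def chain_links(owner, ds_records, keys):
    """(DS tag, DNSKEY flags) for every DS that matches a DNSKEY; empty means bogus."""
    return [(ds[0], k[0]) for ds in ds_records for k in keys if ds_matches(owner, ds, k)]

print("DNSKEY key tags:", [key_tag(rdata(*k)) for k in DNSKEYS])
print("DS -> DNSKEY links:", chain_links("cms.gov", DS_RECORDS, DNSKEYS) or "none (bogus)")
```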