nanog mailing list archives
Re: .mil domain
From: "Mark T. Ganzer" <ganzer () san rr com>
Date: Fri, 30 May 2003 13:29:13 -0700
One already is. The H server resides at the Army Research Lab, which is connected to DREN (AS668).
FWIW there is not a single homogeneous .mil network. There are several DoD networks that provide service to customer organizations, and some of the major public DoD sites are also directly connected to commercial ISP's. Also different services and sites may have different policies as to who they allow access from. So without knowing the destination address, it's hard to be able to tell someone who thinks they are being blocked who to contact. If you can't reach a site directly, try their upstream providers and see if they can help provide a POC. Try looking at the aspath for the destination, and if any of the following show up, try these POC's:
AS668 (DREN) 866-NOC-DREN or noc () dren net AS7170 (ATT-DISC) 888-DISC-USA or noc () att-disc netAS568 (DISN) DISA GNOSC at 703-607-4001 or the Columbus RNOSC at 800-554-3476
For security related issues, try contacting the DoD CERT (www.cert.mil, 800-357-4231). All of the services have their own CERT as well, however they all coordinate with this organization.
-Mark Ganzer Space & Naval Warfare Systems Center, San Diegoganzer () spawar navy mil note: this is posted from my personal email account, not my work account).
Mark Borchers wrote:
Suggestion: migrate the current MIL root servers to the DREN network. Thus they would be easily accessible from DoD's networks, while residining in front of any MIL filters or blackhole routers relative to the rest of the Internet.On Fri, 30 May 2003, Mike Tancsa wrote:At 01:15 PM 30/05/2003 -0500, Stephen Sprunk wrote:For the same reason anyone else accepts their routes --because they want tobe able to reach them. If they don't want to reach _you_, that's their choice.As Sean Donelan pointed out, the fact that 2 of the root nameservers areinside their network, there is more to the issue than yousuggest.... I forexample want people in Australia to be able to reliably lookupDNS info onmy domains. The .mil people have decided to hamper this process.I agree. The root servers should have no filtering in place to block any demographics (unless of course a given node is DoSing them). The last time I tried to contact a .mil to report an open relay that was being abused, I was accused of being a spammer that had "hacked" their server. Since that time I reject .mil mail. Justin
Current thread:
- Re: .mil domain, (continued)
- Re: .mil domain Stephen Sprunk (May 30)
- Re: .mil domain John Payne (May 30)
- Re: .mil domain Randy Bush (May 30)
- Re: .mil domain John Payne (May 30)
- Moving G and H off .MIL hosts (was Re: .mil domain) Sean Donelan (May 30)
- Re: .mil domain Eric Brunner-Williams in Portland Maine (May 30)
- Re: .mil domain Stephen Sprunk (May 30)
- Re: .mil domain Mike Tancsa (May 30)
- Re: .mil domain listuser (May 30)
- RE: .mil domain Mark Borchers (May 30)
- Re: .mil domain Mark T. Ganzer (May 30)
- Re: .mil domain Ryan Mooney (May 30)
- Re: .mil domain Randy Bush (May 30)
- Re: .mil domain Richard Irving (May 30)
- Message not available
- Re: Moving G and H off .MIL hosts (was Re: .mil domain) Kevin Day (May 30)
- Re: .mil domain Tony Rowley (May 30)
- Re: .mil domain Dan Hollis (May 30)
- Re: .mil domain Tony Rowley (May 30)
- Re: .mil domain Dan Hollis (May 30)
- Re: .mil domain David Lesher (May 30)
- Re: .mil domain Jack Bates (May 30)