nanog mailing list archives

Re: DNS resolution for hhs.gov


From: Doug Barton <dougb () dougbarton us>
Date: Fri, 14 Apr 2023 09:41:27 -0700

Responses in line below.

Doug


On 4/11/23 8:12 AM, Samuel Jackson wrote:
> I wanted to run this by everyone to make sure I am not the one losing my mind over this.
>
> A dig +trace cob.cms.hhs.gov fails for me as it looks like the NS for hhs.gov does not seem to resolve the hostname.

They shouldn't, since cms.hhs.gov is a delegated subzone. (Also, resolve is the wrong term, since those are authoritative servers, not resolvers.) The hhs.gov name servers are not authoritative for the cms.hhs.gov zone.

Using `dig +trace cob.cms.hhs.gov` worked for me just now, so it's possible that they fixed something in response to Mark's message.

> However dig +trace cms.hhs.gov resolves and so does

That makes sense, delegated sub zone.  :)

> dig +trace eclkc.ohs.acf.hhs.gov

No delegated sub zones in the path here, so the hhs.gov name servers are authoritative for this host.

> However if I simply ask my local resolver to resolve cob.cms.hhs.gov, it works. Any thoughts on why this is the case?

Because it's getting the answer from the child zone (cms) like it should.

I'm sort of curious about what `dig +trace` results you received originally that made you believe that you weren't getting the right response. Are you currently seeing what you expect to see?
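
[Added example, not part of the message above or of the thread.] A simplified model of the referral chain that `dig +trace` walks for the names discussed here, showing why the hhs.gov servers hand back a referral for cob.cms.hhs.gov but answer directly for eclkc.ohs.acf.hhs.gov. The delegation layout follows the thread; the addresses are constructed documentation-range placeholders and the function names are hypothetical.

```python
# Constructed zone data: which zone delegates to which follows the thread;
# the A-record values are 192.0.2.0/24 placeholders, not real records.
ZONES = {
    ".": {"delegations": ["gov."], "records": {}},
    "gov.": {"delegations": ["hhs.gov."], "records": {}},
    "hhs.gov.": {
        "delegations": ["cms.hhs.gov."],
        "records": {"eclkc.ohs.acf.hhs.gov.": "192.0.2.10"},
    },
    "cms.hhs.gov.": {
        "delegations": [],
        "records": {"cms.hhs.gov.": "192.0.2.20",
                    "cob.cms.hhs.gov.": "192.0.2.21"},
    },
}


def in_zone(name, apex):
    """True when name is at or below apex (whole-label suffix match)."""
    return apex == "." or name == apex or name.endswith("." + apex)


def ask_authoritative(zone, qname):
    """What a server authoritative for `zone` returns for an A query."""
    data = ZONES[zone]
    # A zone cut wins: names at or below a delegation belong to the child,
    # so the parent can only point at the child's name servers.
    for child in data["delegations"]:
        if in_zone(qname, child):
            return ("referral", child)
    if qname in data["records"]:
        return ("answer", data["records"][qname])
    return ("nxdomain", None)


def trace(qname):
    """Follow referrals from the root, one authoritative server per step."""
    if not qname.endswith("."):
        qname += "."
    zone, steps = ".", []
    while True:
        kind, value = ask_authoritative(zone, qname)
        steps.append((zone, kind, value))
        if kind != "referral":
            return steps
        zone = value


if __name__ == "__main__":
    for name in ("cob.cms.hhs.gov", "eclkc.ohs.acf.hhs.gov"):
        print(name, trace(name))
```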

