

NSA.gov is down - frsandstone
http://nsa.gov

======
dfc
[http://www.nsa.gov](http://www.nsa.gov) is up.

I have noticed lately that an awful lot of the government domains no longer
have a webserver answering for the root domain and or do not have an a record
at the root domain.

    
    
      $ unbound-host -v navy.mil
      navy.mil has no address (secure)
      navy.mil has no IPv6 address (secure)
      navy.mil mail is handled by 5 mx14.nmci.navy.mil. (secure)
      navy.mil mail is handled by 5 mx15.nmci.navy.mil. (secure)
      navy.mil mail is handled by 5 mx13.nmci.navy.mil. (secure)
      $ unbound-host -v dod.mil
      dod.mil has no address (secure)
      dod.mil has no IPv6 address (secure)
      dod.mil has no mail handler record (secure)
      $ unbound-host -v nga.mil
      nga.mil has no address (secure)
      nga.mil has no IPv6 address (secure)
      nga.mil mail is handled by 5 mailnde.nga.mil. (secure)
      nga.mil mail is handled by 5 mailarn.nga.mil. (secure)
    

Updated:

In addition to the "trend" I mentioned they might be doing maintenance. The
dnssec records for nsa.gov are borked at the moment:

[http://dnssec-debugger.verisignlabs.com/nsa.gov](http://dnssec-
debugger.verisignlabs.com/nsa.gov)

dnsviz at sandia is super slow lately, which sucks. But you can compare
verisign's answer to sandia's if you want:

[http://dnsviz.net/d/nsa.gov/dnssec/](http://dnsviz.net/d/nsa.gov/dnssec/)

[http://dnsviz.net/d/www.nsa.gov/dnssec/](http://dnsviz.net/d/www.nsa.gov/dnssec/)

------
ralphshao
Looks like just misconfigured web server. www.nsa.gov works fine vs. nsa.gov
times out.

Edit: www goes to an Akamai CDN vs bare domain goes to a straight IP address.

~~~
rublind
I hate it when people do this. Can we just pretend www doesn't exist anymore?

~~~
ecaron
The problem I've always had with this is that DNS root levels (., no www)
can't be a CNAME - unless there are any DNS gurus in the audience that can
point to some alternate configuration I've overlooked.

~~~
wahnfrieden
No, you're right - it's a serious limitation. Ultimately just a trade-off to
consider. As with anything, neither is obviously superior.

------
fiatmoney
If it's DDOS (or even if it's not), what insignificance. Does anyone think
anything important runs off of their public website?

[https://xkcd.com/932/](https://xkcd.com/932/)

~~~
Whitespace
I'm curious, why the https? Muscle memory?

~~~
frossie
I didn't post it, but I assume s/he was cutting and pasting from their URL
bar, and they use HTTPS Everywhere or similar to encourage their browser to
always prefer HTTPS connections (which xkcd provides, but to my ongoing
annoyance, Amazon does not).

[https://www.eff.org/https-everywhere](https://www.eff.org/https-everywhere)

One could argue this should be a built-in option these days....

~~~
graue
Unfortunately, xkcd (along with NYTimes and probably others) link to CSS/JS
resources at [http://](http://) URLs, which defeats the security of HTTPS. The
next version of Firefox will block mixed content in these cases, and being on
the alpha channel, I've had to disable HTTPS Everywhere for these sites.

------
bpatrianakos
Oh no, not the NSA site! I rely it so much! See, this is why I run my own
surveillance.

Really, I'd ask so what? How probable is it that they're just doing regular
maintenance at 1am (EDT)? I think likely. But lets pollute what used to be a
pretty great front page with baseless speculation over nothing. Even if it was
an attack, how utterly meaningless. NSA website does not equal NSA internal
network.

------
foxylad
If it does turn out to be an attack, the perpetrator must be extremely well
endowed in the gonad department. Although you can never be sure with
government websites, you'd expect that the NSA's servers would be fairly well
hardened. So successfully defeating them seems to imply someone who will
understand that they're poking a nest of the smartest and most well-connected
hornets in the world.

~~~
krapp
Oh I doubt the NSA cares much about their website. It's such an obvious soft
target. They would have to be complete imbeciles to have anything of any
remote value to hackers connected to that server.

------
hiddenfeatures
They probably need the CPU cycles somewhere else. Maybe a lot of calls going
on right now...

------
shire
I wonder what's going on..

------
C1D
I assume some one is DDoSing them or hacking them or it might just be
maintenance.

~~~
slacka
If it's a DDoS attack, reminds me of this xkcd:
[http://xkcd.com/932/](http://xkcd.com/932/)

------
thejosh
[http://www.nsa.gov/](http://www.nsa.gov/) works fine

------
rikacomet
Or some maintenance ?

