

Why doesn't nasa.gov have a root A record? - mangeletti

I attempted to visit http:&#x2F;&#x2F;nasa.gov&#x2F;, but got &quot;Server not found&quot;, so I checked https:&#x2F;&#x2F;dnsquery.org&#x2F;dnsquery&#x2F;nasa.gov&#x2F;A and there is no A record. Does anyone know why not?
======
yebyen
I would say this looks like an oversight, but maybe not.

There is an A-record for www -- the canonical reason I heard "back when it was
common" for leaving the origin record blank was that your domain might have
several different hosts providing different services across different
protocols, and you don't want to lead anyone to believe that they can "just go
to nasa.gov" and access the FTP archives there.

Dumbing it down a bit but that's the idea.

In actual practice, it seems very uncommon today to leave the origin record
blank like this, and I think it's probably an oversight, or a side effect of
an organization being around since the internet began in a bureaucracy as
large as the US government. It would probably take an act of congress to get
this updated, only half-joking.

Unfortunately domains and DNS servers that allow public AXFR for easy
discovery of answers to questions like this (what other subdomains does
nasa.gov respond to?) are just about as few and far between.

Not least of which on the list of reasons, because I believe AXFR can be used
in redirection/amplification style DDOS attacks, so it's probably considered a
vulnerability to respond to AXFR from arbitrary requestors.

