NSA.gov is down (nsa.gov)
37 points by frsandstone on June 24, 2013 | 26 comments


http://www.nsa.gov is up.

I have noticed lately that an awful lot of the government domains no longer have a webserver answering for the root domain and/or do not have an A record at the root domain.

  $ unbound-host -v navy.mil
  navy.mil has no address (secure)
  navy.mil has no IPv6 address (secure)
  navy.mil mail is handled by 5 mx14.nmci.navy.mil. (secure)
  navy.mil mail is handled by 5 mx15.nmci.navy.mil. (secure)
  navy.mil mail is handled by 5 mx13.nmci.navy.mil. (secure)
  $ unbound-host -v dod.mil
  dod.mil has no address (secure)
  dod.mil has no IPv6 address (secure)
  dod.mil has no mail handler record (secure)
  $ unbound-host -v nga.mil
  nga.mil has no address (secure)
  nga.mil has no IPv6 address (secure)
  nga.mil mail is handled by 5 mailnde.nga.mil. (secure)
  nga.mil mail is handled by 5 mailarn.nga.mil. (secure)

Updated:

In addition to the "trend" I mentioned, they might be doing maintenance. The DNSSEC records for nsa.gov are borked at the moment:

http://dnssec-debugger.verisignlabs.com/nsa.gov

DNSViz at Sandia is super slow lately, which sucks. But you can compare Verisign's answer to Sandia's if you want:

http://dnsviz.net/d/nsa.gov/dnssec/

http://dnsviz.net/d/www.nsa.gov/dnssec/


Looks like just a misconfigured web server. www.nsa.gov works fine vs. nsa.gov times out.

Edit: www goes to an Akamai CDN vs bare domain goes to a straight IP address.


NASA is also configured this way. It drives me nuts because half the time when I want to visit NASA's site I type `nasa.gov` and get nothing until I remember they need the `www.`. It might just be common to how some government sites are configured.

Clickable links:

http://nasa.gov/

http://www.nasa.gov/


Here is a NASA article about why they don't have the redirection: http://blogs.nasa.gov/cm/blog/nasadotgov/posts/post_13068608...


I hate it when people do this. Can we just pretend www doesn't exist anymore?


Servers with archaic configurations are quite difficult to change like that. Besides, I can reasonably assume the NSA, like most major government agencies, uses some wonky, overly complicated rats' nest of a CMS that croaks with/out the www.


The problem I've always had with this is that DNS root levels (., no www) can't be a CNAME - unless there are any DNS gurus in the audience that can point to some alternate configuration I've overlooked.


No, you're right - it's a serious limitation. Ultimately just a trade-off to consider. As with anything, neither is obviously superior.


You can always just serve a redirect to www.example.com. Doesn't have to be a high-powered redundant server or anything (just secure).


We force the www. at work because of DNS limitations.
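
The DNS limitation discussed in the comments above, as an added example that is not part of the original thread: a CNAME may not share an owner name with other data, and the zone apex always carries SOA and NS records, so a CNAME there always conflicts. The zone contents, `example.com` names and function names are constructed for illustration.

```python
from collections import defaultdict

# Types that may share an owner name with a CNAME in a signed zone (RFC 4035, section 2.5).
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}

# Constructed sample zone in simplified "owner type rdata" form; not real data.
ZONE = """
example.com.      SOA   ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 300
example.com.      NS    ns1.example.com.
example.com.      NS    ns2.example.com.
example.com.      CNAME edge.cdn.example.net.   ; what people want at the apex
www.example.com.  CNAME edge.cdn.example.net.   ; legal: nothing else lives here
ns1.example.com.  A     192.0.2.1
ns2.example.com.  A     192.0.2.2
"""

def parse_zone(text):
    """Parse simplified zone lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop trailing comments
        if line:
            owner, rtype, rdata = line.split(None, 2)
            records.append((owner.lower(), rtype.upper(), rdata))
    return records

def cname_conflicts(records):
    """Return {owner: [conflicting types]} where a CNAME coexists with other data."""
    types_at = defaultdict(set)
    for owner, rtype, _ in records:
        types_at[owner].add(rtype)
    return {
        owner: sorted(present - ALLOWED_WITH_CNAME)
        for owner, present in types_at.items()
        if "CNAME" in present and present - ALLOWED_WITH_CNAME
    }

if __name__ == "__main__":
    for owner, clash in cname_conflicts(parse_zone(ZONE)).items():
        print(f"{owner}: CNAME cannot coexist with {', '.join(clash)}")
```
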


If it's DDOS (or even if it's not), what insignificance. Does anyone think anything important runs off of their public website?

https://xkcd.com/932/


Xkcd, ironically, has an even more common hiccup with domains. Notice the https:// . This makes every style and background stuff break on browsers that enforce HTTPS consistency because these are served from "imgs" subdomain, which doesn't have SSL and/or has a hard coded http:// in the template.


I'm curious, why the https? Muscle memory?


I bet the answer is HTTPS Everywhere. The only bad thing about it is the mixed content blocking, but I still think everyone should use it.

There was a link to Schneier's blog here recently and a few people mentioned that his cert was expired. I am willing to bet that everyone who saw the cert warning were HTTPS Everywhere users.

https://www.eff.org/https-everywhere


I didn't post it, but I assume s/he was cutting and pasting from their URL bar, and they use HTTPS Everywhere or similar to encourage their browser to always prefer HTTPS connections (which xkcd provides, but to my ongoing annoyance, Amazon does not).

https://www.eff.org/https-everywhere

One could argue this should be a built-in option these days....


Unfortunately, xkcd (along with NYTimes and probably others) links to CSS/JS resources at http:// URLs, which defeats the security of HTTPS. The next version of Firefox will block mixed content in these cases, and being on the alpha channel, I've had to disable HTTPS Everywhere for these sites.


Perhaps he's using HTTPS Everywhere.


If it does turn out to be an attack, the perpetrator must be extremely well endowed in the gonad department. Although you can never be sure with government websites, you'd expect that the NSA's servers would be fairly well hardened. So successfully defeating them seems to imply someone who will understand that they're poking a nest of the smartest and most well-connected hornets in the world.


Oh I doubt the NSA cares much about their website. It's such an obvious soft target. They would have to be complete imbeciles to have anything of any remote value to hackers connected to that server.


Oh no, not the NSA site! I rely on it so much! See, this is why I run my own surveillance.

Really, I'd ask so what? How probable is it that they're just doing regular maintenance at 1am (EDT)? I think likely. But let's pollute what used to be a pretty great front page with baseless speculation over nothing. Even if it was an attack, how utterly meaningless. NSA website does not equal NSA internal network.


They probably need the CPU cycles somewhere else. Maybe a lot of calls going on right now...


I wonder what's going on..


I assume someone is DDoSing them or hacking them or it might just be maintenance.


If it's a DDoS attack, reminds me of this xkcd: http://xkcd.com/932/



Or some maintenance?



