[tz] Blocked USNO sites was: Updated Public Domain leapseconds.list
tzocd at yahoo.com
Sat Jul 6 19:27:53 UTC 2019
Brian et al, DoD sites are subject to frequent attack from the
Internet. One of their defense strategies is to "go turtle"".
Sometimes they're not there at all but, more often, they
isolate just portion of their "space". (TRACERT ends in
never-neverland.) I have discovered that, when this happens,
the Navy.Mil and USNO.Navy.Mil DNS servers are often not
reachable. As a result, while USNO sites are actually available
though the Naval Oceanographic Portal (NoP) (point of presence
(PoP) in Portsmouth, VA), their DNS entries are not. I,
personally, solved part of this problem by adding the USNO
sites I use to /etc/host (or its Windows equivalent,
%WINDIR%\System32\drivers\etc\hosts). These are:
# Charon is a USNO.Navy.Mil DNS server on the NOP
184.108.40.206 charon.usno.navy.mil charon.nofs.navy.mil
MAIA also has backup servers for their data at NASA
Goldstone Space Flight Center (cddis.gsfc.nasa.gov)
and, as Brian mentioned, toshi.nofs.navy.mil.
(At this instant, MAIA and Toshi are unavailable via
HTTP but FTP is just fine (with /etc/host entries).
If one is running a local DNS server, adding a pointer to
USNO.Navy.Mil with a Charon.USNO.Navy.Mil NS RR
might help the cause...
Since I've done these things (particularly the /etc/hosts
entries), I rarely have problems reaching USNO sites.
Also, sometimes, DoD restrict themselves to Secure DNS.
As I've got (some of) the certificate information installed,
I may not have problems where others might.
Lastly, occasionally I can't reach MAIA via HTTP but FTP works
just fine. (I've just change my references to ser7.dat to FTP
for that reason.)
(Pardon my edits to the following. No words were removed...)
> On Sat Jul 6 16:12:26 UTC 2019, Brian Inglis Brian.Inglis at SystematicSw.ab.ca wrote:
>>On 2019-07-05 15:55, Chris Woodbury via tz wrote:
>> # This NTP leap-second file was created with data obtained from
>> # the United States Naval Observatory (USNO) MAIA FTP server.
>> # Find it at: <ftp://maia.usno.navy.mil/ser7/leapsec.dat>
>> # See: http://maia.usno.navy.mil/ser7/ser7.txt
> Seems to be some DNS resolver and network blocking, possibly only
> outside the US, to maia.usno.navy.mil ; interactive web browser access
> and Naval Oceanography Portal to tycho.usno.navy.mil and aa.usno.navy.mil
> mostly work, but web browser ftp access does not, and non web browser
> resolution and access do not, e.g. host or wget; however everything resolves
> and is accessible form the browser and command line from toshi.nofs.navy.mil.
> Some other previous reports back this up, but there were no followups to say
> whether issues were temporary and cleared up, or persisted and were permanent.
> It may be possible that lookups or accesses may be rate limited to deter
> intrusions, or entries may have expired because they may be offline for July 4
> thru the weekend, or sites may be blocked due to lack of monitoring staff or
> funding for non-defense services.
More information about the tz