nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unable to Resolve .mil from some subnets

From: Alex Buie via NANOG <nanog () lists nanog org>
Date: Wed, 11 Mar 2026 18:57:04 -0400
Thanks to all who replied off-list and got me pointed in the right
direction. Ultimately this appears to have been caused by a
misclassification of these subnets at MaxMind; once I got that resolved
with MaxMind support, all is back to copacetic.

Appreciate it!


On Tue, Mar 10, 2026 at 3:02 PM Alex Buie <abuie () cytracom com> wrote:


Facing an interesting problem with .mil and wondering if anyone has
experienced this or has any ideas.

The .mil nameservers appear to be unresponsive to requests from some of
our subnets (AS396163) starting in the last day or two.

Specifically seems to be these:

mil.                        172800        IN        NS
con1.nipr.mil.
mil.                        172800        IN        NS
con2.nipr.mil.
mil.                        172800        IN        NS
eur1.nipr.mil.
mil.                        172800        IN        NS
eur2.nipr.mil.
mil.                        172800        IN        NS
pac1.nipr.mil.
mil.                        172800        IN        NS
pac2.nipr.mil.

199.252.157.234 / 199.252.162.234 / 199.252.154.234 / 199.252.143.234 /
199.252.180.234 / 199.252.155.234


Subnets that are able to reach / query these servers:
104.234.21.0/24
104.234.31.0/24

Subnets that are not able to query these servers:
166.0.64.0/24
166.0.65.0/24
166.0.66.0/24
166.0.67.0/24

These subnets are announced out of the same carrier mix
(Zayo/Cogent/Lumen) but are geographically distributed around the US. I
have checked an RPKI validator to see if there was a difference between the
working and non-working ones, but all are showing RPKI valid. Path-wise we
either take Zayo which hands off to Lumen or we take Lumen directly, but
that does not seem to have an affect on the queries returning.

I did notice that the working ones have an ISPSS Level3 hop at the end of
the chain, whereas the non-working ones have a hop into an edge for
lumen.tech but no further responses.

Curious if anyone else has found a change or difficulty reaching these
hosts or are seeing DNS resolution issues for .mil TLD domains. Also open
to troubleshooting ideas for further isolating the cause.

Thanks!

Alex




_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/D5EENYSE26LLS7GCRAOAZQWWWNB3GZEA/
Previous By Date Next
Previous By Thread Next

Current thread: