For the past couple of months, there has been an ongoing issue with the cap.gov and capnhq.gov domains and Google. For some reason, Google doesn't like something with the DNS servers for our two domains and it has broken email and web sites for wings that use the cap.gov domain. This means if you use Google Apps to host your wing's email and you use me@mywing.cap.gov, email has gotten a bit wonky lately.

Today eServices has disappeared from Google's DNS servers, so if you use Google for your DNS needs, you can't reach eServices. You'll have to change your DNS to another provider.

I've asked around a little and from what I've been told, our vendor who handles the .gov domains for us has said Google needs to change their systems. I don't hold out hope for that to happen any time soon.

Quote from: UWONGO2 on May 24, 2017, 12:07:20 AM

our vendor who handles the .gov domains for us

CAP member? Friend of the family? Was this put out to bid, and the lowest bidder won? Etc., etc. ...

Looks like cap.gov is working with Google but capnhq.gov is not at the moment.


> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53

> www.cap.gov
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   www.cap.gov
Address: 207.201.204.67


> www.capnhq.gov
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find www.capnhq.gov: SERVFAIL

> server 4.2.2.2
Default server: 4.2.2.2
Address: 4.2.2.2#53

> www.capnhq.gov
Server:         4.2.2.2
Address:        4.2.2.2#53

Non-authoritative answer:
www.capnhq.gov  canonical name = capnhq.gov.
Name:   capnhq.gov
Address: 207.201.204.67

Somewhat related, speaking of Vendors .... is the vendor list posted somewhere or is it all secret hush-hush?

As a website design, development and hosting company owner, I would really like to know what company developed eServices and WMIRS, so I can steer folks I like away from them and can steer my enemies toward them.

Quote from: UWONGO2 on May 24, 2017, 12:07:20 AMThis means if you use Google Apps to host your wing's email and you use me@mywing.cap.gov, email has gotten a bit wonky lately.

No, it hasn't, at least not generally.

I'm not discounting that you are having issues, or even your wing, but there's no general problem, and if you're using quad 8's as your DNS, which >is< Google, then Google needing to change isn't really relevent (nor going to happen).

Users logged into the Google email web front end, no matter how they get there, aren't going to have any issues, by design. you're using Outlook,
may (insert deity) have mercy on your (insert non-verifiable, non-corporeal concept).

I administer or use 9 different GSuite domains, plus gmail. Last week I was involved in a multi-state eval, had to monitor multiple
Gmail and GSuite accounts, not to mention emails from untold  cap.gov domains, including wings and NHQ.

No issues (other then mental bandwidth).

You need to lookup MX records, not the website.

cap.gov comes back as Google, but capnhq.gov is an Office365 domain...

...which explains SOOOOOO much.

https://mxtoolbox.com/

Quote from: Eclipse on May 24, 2017, 01:58:45 AM
You need to lookup MX records, not the website.

cap.gov comes back as Google, but capnhq.gov is an Office365 domain...

...which explains SOOOOOO much.

https://mxtoolbox.com/

Doesn't much matter what type of record you look up - MX, A, etc.. The question is why Google's DNS server won't do a recursive lookup on the capnhq.gov domain. 


They both have different authoritative name servers, so it could be a simple issue of a network problem between Google and the capnhq.gov nameserver.

cap.gov
        origin = ns5.cap.gov

capnhq.gov
        origin = dnssec7.datamtn.com

OK, one step back.

What's the actual issue here? (I'm sitting in a DC hotel room overtired with a hard Root Beer in me.)

CAP.gov is a GSuite domain, so of course it won't have issues finding it, but capnhq.gov is office (gag)365, and the MX resolves to
some MS nonsense about "outlook protection.com", so who knows where those packets are, or aren't allowed to roll.

No one using quad 8's is going to have issues using or finding cap.gov, the other?  Who knows.

What's the core issue?

Also, I've seen some issues internet providers where 4x8 doesn't work, with the provider mandating using their
DNS.  Comcast likes to do this, especially. (Also seen it the other way).

Quote from: Eclipse on May 24, 2017, 02:54:37 AM

What's the core issue?

Apparently Google's DNS cannot resolve anything in the capnhq.gov domain.   As other DNS servers can, it would appear that there is some issue - network being the most likely - preventing Google's DNS server from contacting the authoritative DNS server for the capnhq.gov domain. 

So, for example, Google's DNS server cannot resolve the A record for www.capnhq.gov.   Every other DNS server that I have tried can.   

I was doing some heavy work in eservices when it went down. Good think I printed my sign in sheet prior to breaking it. Other than that, it came back by meeting time.

I was having issues accessing eServices this morning too.  I manually changed my DNS to OpenDNS (208.67.222.222) and I was able to resolve www.capnhq.gov and then eServices came right up in the browser.

Wish I knew what you guys are saying. Its all greek to me. I have tried Chrome, Firefox, and Edge/Bing. Can't get on to WMIRS. Can you put the fix in some simple steps for us that are not software smart. I just click and it works or in this case doesn't. Why I don't know. Thanks in advance.

I haven't been able to log in since Monday, I think. Different browsers doesn't matter for me. Using OpenDNS hasn't helped either.

If you're having this issue someone ha changed you DNS to quad 8s.

Call your grandson or the 10 year old down the street and ask him to
switch it back to your isp's.

Quote from: Eclipse on May 24, 2017, 04:29:52 PM
If you're having this issue someone ha changed you DNS to quad 8s.

Call your grandson or the 10 year old down the street and ask him to
switch it back to your isp's.

Except it isn't working on my cell, home or office networks.

From >anywhere<?

Working for me from a T-Mobile hotspot sitting in DCA.

Quote from: Eclipse on May 24, 2017, 08:49:51 PM
From >anywhere<?

Working for me from a T-Mobile hotspot sitting in DCA.

It's back up now, but when the outages happened, it wasn't working on ANY of my devices or networks.