[dns-operations] Trouble looking up various axc.nl TLSA RRs via Cloudflare DNS
Viktor Dukhovni
ietf-dane at dukhovni.org
Thu Oct 3 17:42:41 UTC 2019
Yesterday I wrote:
> Lately I am seeing unexpected failures resolving axc.nl MX host
> TLSA records when Cloudflare happens to be used to resolve the
> query.
>
> Can anyone from Cloudflare offer an explanation? Is this is a
> feature or a bug?
>
> [...]
>
> _25._tcp.mail.axc.nl. IN TLSA ? ; NXDomain AD=0
> axc.nl. IN SOA nsi1.axc.nl. hostmaster at axc.nl. 2019100301 28800 7200 2419200 86400 ; AD=0
It looks like the issue may have been resolved today. Now I see the
expected reply also from Cloudflare:
_25._tcp.mail.axc.nl. IN TLSA ? ; NXDomain AD=1
axc.nl. IN SOA nsi1.axc.nl. hostmaster at axc.nl. 2019100301 28800 7200 2419200 86400
axc.nl. IN RRSIG SOA 8 2 14400 20191017000000 20190926000000 23340 axc.nl. <sig>
mail.axc.nl. IN NSEC mail-in.axc.nl. A RRSIG NSEC
mail.axc.nl. IN RRSIG NSEC 8 3 86400 20191017000000 20190926000000 23340 axc.nl. <sig>
If the previous symptoms were not intermittent (not still unresolved),
thanks for taking care of the problem. If possible, a brief
post-mortem analysis would be great...
--
Viktor.
More information about the dns-operations
mailing list