[dns-operations] Trouble looking up various axc.nl TLSA RRs via Cloudflare DNS

Viktor Dukhovni ietf-dane at dukhovni.org
Thu Oct 3 17:42:41 UTC 2019


Yesterday I wrote:

> Lately I am seeing unexpected failures resolving axc.nl MX host
> TLSA records when Cloudflare happens to be used to resolve the
> query.
> 
> Can anyone from Cloudflare offer an explanation?  Is this is a
> feature or a bug?
>
> [...]
> 
>	_25._tcp.mail.axc.nl. IN TLSA ? ; NXDomain AD=0
>	axc.nl. IN SOA nsi1.axc.nl. hostmaster at axc.nl. 2019100301 28800 7200 2419200 86400 ; AD=0

It looks like the issue may have been resolved today. Now I see the
expected reply also from Cloudflare:

    _25._tcp.mail.axc.nl. IN TLSA ? ; NXDomain AD=1
    axc.nl. IN SOA nsi1.axc.nl. hostmaster at axc.nl. 2019100301 28800 7200 2419200 86400
    axc.nl. IN RRSIG SOA 8 2 14400 20191017000000 20190926000000 23340 axc.nl. <sig>
    mail.axc.nl. IN NSEC mail-in.axc.nl. A RRSIG NSEC
    mail.axc.nl. IN RRSIG NSEC 8 3 86400 20191017000000 20190926000000 23340 axc.nl. <sig>

If the previous symptoms were not intermittent (not still unresolved),
thanks for taking care of the problem.  If possible, a brief
post-mortem analysis would be great...

-- 
	Viktor.


More information about the dns-operations mailing list