[dns-operations] Cloudflare considered harmful?

Marek Vavruša marek at vavrusa.com
Fri Apr 17 20:19:02 UTC 2020


This should be fixed as of yesterday.

On Thu, 16 Apr 2020 at 13:19, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> On Thu, Apr 16, 2020 at 11:47:53AM -0700, Vicky Shrestha wrote:
>
> > The fix is being rolled out to our canary POPs and it should be deployed in
> > the rest of the network next week.
>
> Any chance you're also fixing the (likely DNAME-related) issue that's
> breaking resolution of:
>
>     _25._tcp.blue.xy1.nl. IN TLSA ? ; ServFail
>
> From other public resolvers I get:
>
>     ; NoError AD=1
>     ;
>     _tcp.blue.xy1.nl. IN DNAME _tcp.xy1.nl.
>     _25._tcp.blue.xy1.nl. IN CNAME _25._tcp.xy1.nl.
>     _25._tcp.xy1.nl. IN CNAME _dane.xy1.nl.
>     _dane.xy1.nl. IN TLSA 2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
>
> The TLSA lookup failure can break email delivery from DANE-enabled MTAs
> that use Cloudflare DNS forwarders.
>
> --
>     Viktor.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
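
The DNAME/CNAME chain in the answer quoted above, as an added example that is not part of the original thread: a Python sketch that applies the RFC 6672 suffix substitution, checks any CNAME in the answer against it, and follows the chain to the TLSA record. The function names are hypothetical, and the input is the answer section copied from the message rather than a live query.

```python
# Constructed sample: the answer section quoted in the message above.
ANSWER = """\
_tcp.blue.xy1.nl. IN DNAME _tcp.xy1.nl.
_25._tcp.blue.xy1.nl. IN CNAME _25._tcp.xy1.nl.
_25._tcp.xy1.nl. IN CNAME _dane.xy1.nl.
_dane.xy1.nl. IN TLSA 2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
"""

def parse(text):
    """Parse 'owner IN TYPE rdata...' lines into (owner, type, rdata) tuples."""
    rrs = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1] == "IN":
            rrs.append((f[0].lower(), f[2].upper(), f[3:]))
    return rrs

def dname_rewrite(qname, owner, target):
    """RFC 6672 substitution: swap the DNAME owner suffix of qname for target.
    Returns None unless qname is strictly below owner."""
    ql, ol = qname.rstrip(".").split("."), owner.rstrip(".").split(".")
    if len(ql) <= len(ol) or ql[-len(ol):] != ol:
        return None
    return ".".join(ql[:-len(ol)]) + "." + target

def resolve_tlsa(qname, rrs, max_hops=8):
    """Follow the CNAME/DNAME chain in an answer section to the TLSA RRset.
    Raises ValueError on a broken chain or a CNAME that contradicts a DNAME."""
    name = qname.lower()
    for _ in range(max_hops):
        tlsa = [rd for o, t, rd in rrs if o == name and t == "TLSA"]
        if tlsa:
            return name, [(int(rd[0]), int(rd[1]), int(rd[2]),
                           "".join(rd[3:]).lower()) for rd in tlsa]
        cname = next((rd[0].lower() for o, t, rd in rrs
                      if o == name and t == "CNAME"), None)
        synth = next((s for s in (dname_rewrite(name, o, rd[0].lower())
                                  for o, t, rd in rrs if t == "DNAME") if s), None)
        if cname and synth and cname != synth:
            raise ValueError(f"CNAME {cname} does not match DNAME synthesis {synth}")
        if not (cname or synth):
            raise ValueError(f"chain broken at {name}")
        name = cname or synth
    raise ValueError("too many hops")

if __name__ == "__main__":
    print(resolve_tlsa("_25._tcp.blue.xy1.nl.", parse(ANSWER)))
```

The same lookup succeeds when the answer carries only the DNAME and no synthesized CNAME, which is the case a forwarder has to handle for resolvers that omit it.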


