[dns-operations] At least 3 CloudFlare DNS-hosted domains with oddball TLSA lookup ServFail
Vladimír Čunát
vladimir.cunat+ietf at nic.cz
Sun Apr 19 07:56:53 UTC 2020
(I don't react to the SERVFAIL from CloudFlare auth.)
On 4/19/20 8:55 AM, Viktor Dukhovni wrote:
> the NSEC RR promises TLSA records, among a rather oddball mix of
> other rrtypes
I believe that's normal for CloudFlare authoritatives, and so far I've
noticed no real problems from that, apart from effects like less
efficient caching. Description:
https://blog.cloudflare.com/black-lies/#dnsshotgun
At least they lie in the better direction - some servers actually deny
types they do want served:
https://github.com/dns-violations/dns-violations/blob/master/2018/DVE-2018-0003.md
More information about the dns-operations
mailing list