[dns-operations] At least 3 CloudFlare DNS-hosted domains with oddball TLSA lookup ServFail

Vladimír Čunát vladimir.cunat+ietf at nic.cz
Sun Apr 19 07:56:53 UTC 2020

(I don't react to the SERVFAIL from CloudFlare auth.)

On 4/19/20 8:55 AM, Viktor Dukhovni wrote:
> the NSEC RR promises TLSA records, among a rather oddball mix of
> other rrtypes

I believe that's normal for CloudFlare authoritatives, and so far I've
noticed no real problems from that, apart from effects like less
efficient caching.  Description:

At least they lie in the better direction - some servers actually deny
types they do want served:

More information about the dns-operations mailing list