[dns-operations] At least 3 CloudFlare DNS-hosted domains with oddball TLSA lookup ServFail

Vladimír Čunát vladimir.cunat+ietf at nic.cz
Sun Apr 19 17:45:04 UTC 2020

On 4/19/20 6:49 PM, Viktor Dukhovni wrote:
>>> I believe that's normal for CloudFlare authoritatives, and so far I've
>>> noticed no real problems from that, apart from effects like less
>>> efficient caching.  Description:
>>> https://blog.cloudflare.com/black-lies/#dnsshotgun
> It can't be "normal", because the auth servers ServFail when I request
> the promised TLSA RRs.

I only meant that those NSECs are normal (for them), not the ServFails
or timeouts which they most likely have to debug themselves.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200419/a9a6aeba/attachment.html>

More information about the dns-operations mailing list