[dns-operations] At least 3 CloudFlare DNS-hosted domains with oddball TLSA lookup ServFail

Vladimír Čunát vladimir.cunat+ietf at nic.cz
Sun Apr 19 17:45:04 UTC 2020


On 4/19/20 6:49 PM, Viktor Dukhovni wrote:
>>> I believe that's normal for CloudFlare authoritatives, and so far I've
>>> noticed no real problems from that, apart from effects like less
>>> efficient caching.  Description:
>>> https://blog.cloudflare.com/black-lies/#dnsshotgun
> It can't be "normal", because the auth servers ServFail when I request
> the promised TLSA RRs.


I only meant that those NSECs are normal (for them), not the ServFails
or timeouts which they most likely have to debug themselves.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200419/a9a6aeba/attachment.html>


More information about the dns-operations mailing list