[dns-operations] At least 3 CloudFlare DNS-hosted domains with oddball TLSA lookup ServFail

Viktor Dukhovni ietf-dane at dukhovni.org
Thu Apr 23 06:20:07 UTC 2020


On Mon, Apr 20, 2020 at 11:55:38AM +0100, Christian Elmerot wrote:

> On 2020-04-19 07:55, Viktor Dukhovni wrote:
> > The CloudFlare auth servers return ServFail for the TLSA lookup of:
> >
> >      https://dnsviz.net/d/_25._tcp.mx01.mx-hosting.ch/XpvvXg/dnssec/
> >      https://dnsviz.net/d/_25._tcp.mail.markleenen.eu/Xpvvcg/dnssec/
> >      https://dnsviz.net/d/_25._tcp.box.nobodyghost.net/Xpvvow/dnssec/
>
> Those ServFails are being looked into as that is something different and 
> a bug I believe. I'll get back with more information when the issue's 
> been identified in our pipeline.

Great, thanks.  Not yet resolved FWIW:

    http://dnssec-stats.ant.isi.edu/~viktor/dnsviz/cloudflare.com.html

This negatively affects email to at least eight domains:

    mx-hosting.ch
    smartcity-system.ch
    flavio-meyer.ch
    premier-etage.ch
    itsupport-luzern.ch
    smartcity-system.com
    markleenen.eu
    nobodyghost.net

-- 
    Viktor.


More information about the dns-operations mailing list