[dns-operations] Oddness with Cloudfare authoritative servers
Erik Stian Tefre
erik at tefre.com
Wed Sep 22 19:37:47 UTC 2021
On 2021-09-22 19:28, Warren Kumari wrote:
> On Wed, Sep 22, 2021 at 1:01 PM Brown, William <wbrown at e1b.org> wrote:
>> We have a school district that is trying to resolve the domain
>> deltamath.com [1]. This issue is impacting the classroom use of
>> this service.
>>
>> The authoritative servers are tani.ns.cloudflare.com [2] and
>> jarred.ns.cloudfare.com [3]. Tani seems to work correctly. Jarred
>> however, will return two different results:
>>
>> Here are the results of four tries within a few seconds:
>>
>> [wbrown at ns3 ~]$ dig @jarred.ns.cloudflare.com [4] deltamath.com [1]
>> +short
>> 172.67.75.10
>> 104.26.2.229
>> 104.26.3.229
>>
>> [wbrown at ns3 ~]$ dig @jarred.ns.cloudflare.com [4] deltamath.com [1]
>> +short
>> 104.26.2.229
>> 104.26.3.229
>> 172.67.75.10
>>
>> [wbrown at ns3 ~]$ dig @jarred.ns.cloudflare.com [4] deltamath.com [1]
>> +short
>> 172.67.75.10
>> 104.26.3.229
>> 104.26.2.229
>>
>> [wbrown at ns3 ~]$ dig @jarred.ns.cloudflare.com [4] deltamath.com [1]
>> +short
>> 172.64.80.1
>>
>> Is anyone from Cloudflare of the list that can assist with resolving
>> this? Anyone have a contact at Cloudflare they can share to get
>> this resolved for the school district?
>
> I don't really see the problem here -- all of the addresses returned
> seem to be valid CloudFlare addresses, and (I think) that all of them
> are answering correctly for deltamath.com [1].
> Nameservers routinely answer with different answers to split the load
> between different VIPS, provide answers which they think are "better"
> for specific queriers, etc. As long as the servers returned are
> behaving correctly, CF can return basically whatever they like.
>
> Of course, it's entirely possible/likely that I completely
> misunderstood the issue/question.
> W
Possibly not a DNS issue at all, but something like this:
https://community.cloudflare.com/t/revil-ransomware/301435
(Executive summary: One Cloudflare IP being blocked by a firewall
because of a different and misbehaving Cloudflare customer who happened
to serve malicious content from that same IP.)
Regards,
Erik
More information about the dns-operations
mailing list