[dns-operations] Oddness with Cloudfare authoritative servers

Warren Kumari warren at kumari.net
Wed Sep 22 23:49:05 UTC 2021

On Wed, Sep 22, 2021 at 7:26 PM Adam David <adam.vallee at gmail.com> wrote:

> This does not seem to be a DNS resolution/misconfiguration issue on
> Cloudflare's end.
> provides an error message (as it should) indicating
> it is a CloudFlare IP. If you can't see that in a web browser, then the
> issue is local to your network.

Yes, is a CF address, but it was being returned for
Doing a GET / over TLS with the host set to deltamath.com  was giving a 403
HTTP/1.1 403 Forbidden
Server: cloudflare
Date: Wed, 22 Sep 2021 18:44:15 GMT
Content-Type: text/html
Content-Length: 151
Connection: keep-alive
CF-RAY: 692daefc1ffd542b-YYZ

<head><title>403 Forbidden</title></head>
<center><h1>403 Forbidden</h1></center>

The other address handed out all worked fine.
1: it is a DNS issue and they shouldn’t have handed out that address for
that name or
2: that machine was borked.


> The main causes that I gather would be:
> 1. There was a temporary cache propagation issue on CF's network. (Still
> not a DNS issue.)
> 2. Your IT department is using or possibly even
> where they intended to use (RFC1918 IP space). This would
> block access to the netblock belonging to Cloudflare and you would have
> difficulty accessing thousands of websites.
>                                  Side Note: belongs
> to AS13335.
> You should always start with your IT department.
> If you are a Cloudflare customer, contact them directly.
> If you are a DeltaMath customer, then you need to contact them directly.
> Sincerely,
> Adam Vallee
> On Wed, Sep 22, 2021 at 4:03 PM Brown, William <wbrown at e1b.org> wrote:
>> From: dns-operations <dns-operations-bounces at dns-oarc.net> On Behalf Of
>> Erik Stian Tefre
>> Sent: Wednesday, September 22, 2021 3:38 PM
>> To: dns-operations at lists.dns-oarc.net
>> Subject: Re: [dns-operations] Oddness with Cloudfare authoritative servers
>> > Possibly not a DNS issue at all, but something like this:
>> > https://community.cloudflare.com/t/revil-ransomware/301435
>> > (Executive summary: One Cloudflare IP being blocked by a firewall
>> because of a different and misbehaving Cloudflare customer who happened to
>> serve malicious content from that same IP.)
>> > Regards,
>> > Erik
>> Interesting.  The real issue I am experiencing is that I am getting
>> inconsistent responses from nominally the same authoritative server.  It
>> just so happens that when we get as the answer it fails.  I
>> would prefer to get the correct answer so students can use the online
>> educational resource the district is paying for.
>> Confidentiality Notice: This electronic message and any attachments may
>> contain confidential or privileged information, and is intended only for
>> the individual or entity identified above as the addressee. If you are not
>> the addressee (or the employee or agent responsible to deliver it to the
>> addressee), or if this message has been addressed to you in error, you are
>> hereby notified that you may not copy, forward, disclose or use any part of
>> this message or any attachments. Please notify the sender immediately by
>> return e-mail or telephone and delete this message from your system.
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Perhaps they really do strive for incomprehensibility in their specs.
After all, when the liturgy was in Latin, the laity knew their place.
-- Michael Padlipsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210922/0655bbbf/attachment.html>

More information about the dns-operations mailing list