[dns-operations] Oddness with Cloudfare authoritative servers

Ethan Katz-Bassett ebk2141 at columbia.edu
Wed Sep 22 23:38:09 UTC 2021


Cloudflare in particular is experimenting with returning different IP
addresses to different queries for all kinds of reasons:
https://mislove.org/publications/IP-Unbound-SIGCOMM.pdf



On Wed, Sep 22, 2021 at 1:29 PM Warren Kumari <warren at kumari.net> wrote:

>
>
> On Wed, Sep 22, 2021 at 1:01 PM Brown, William <wbrown at e1b.org> wrote:
>
>> We have a school district that is trying to resolve the domain
>> deltamath.com.  This issue is impacting the classroom use of this
>> service.
>>
>>
>>
>> The authoritative servers are tani.ns.cloudflare.com and
>> jarred.ns.cloudfare.com.  Tani seems to work correctly.  Jarred however,
>> will return two different results:
>>
>>
>>
>> Here are the results of four tries within a few seconds:
>>
>>
>>
>> [wbrown at ns3 ~]$ dig @jarred.ns.cloudflare.com deltamath.com +short
>>
>> 172.67.75.10
>>
>> 104.26.2.229
>>
>> 104.26.3.229
>>
>> [wbrown at ns3 ~]$ dig @jarred.ns.cloudflare.com deltamath.com +short
>>
>> 104.26.2.229
>>
>> 104.26.3.229
>>
>> 172.67.75.10
>>
>> [wbrown at ns3 ~]$ dig @jarred.ns.cloudflare.com deltamath.com +short
>>
>> 172.67.75.10
>>
>> 104.26.3.229
>>
>> 104.26.2.229
>>
>> [wbrown at ns3 ~]$ dig @jarred.ns.cloudflare.com deltamath.com +short
>>
>> 172.64.80.1
>>
>>
>>
>> Is anyone from Cloudflare of the list that can assist with resolving
>> this?  Anyone have a contact at Cloudflare they can share to get this
>> resolved for the school district?
>>
>
> I don't really see the problem here -- all of the addresses returned seem
> to be valid CloudFlare addresses, and (I think) that all of them are
> answering correctly for deltamath.com.
> Nameservers routinely answer with different answers to split the load
> between different VIPS, provide answers which they think are "better" for
> specific queriers, etc. As long as the servers returned are behaving
> correctly, CF can return basically whatever they like.
>
> Of course, it's entirely possible/likely that I completely misunderstood
> the issue/question.
> W
>
>
>
>
>
>>
>>
>> --
>>
>> William Brown
>>
>> WNYRIC/Erie 1 BOCES
>>
>> 716-821-7285
>>
>>
>>
>> SharePoint, Eforms, Email, Spam Filtering Please reach out to
>> messaging at e1b.org
>>
>> Immediate Needs Call our Service Desk at 716-821-7171
>>
>>
>> Confidentiality Notice: This electronic message and any attachments may
>> contain confidential or privileged information, and is intended only for
>> the individual or entity identified above as the addressee. If you are not
>> the addressee (or the employee or agent responsible to deliver it to the
>> addressee), or if this message has been addressed to you in error, you are
>> hereby notified that you may not copy, forward, disclose or use any part of
>> this message or any attachments. Please notify the sender immediately by
>> return e-mail or telephone and delete this message from your system.
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>
>
>
> --
> The computing scientist’s main challenge is not to get confused by the
> complexities of his own making.
>   -- E. W. Dijkstra
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>


-- 
http://www.columbia.edu/~ebk2141/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210922/5fc4d2f7/attachment.html>


More information about the dns-operations mailing list