[dns-operations] Oddness with Cloudfare authoritative servers

Brown, William wbrown at e1b.org
Tue Sep 28 13:49:23 UTC 2021


Sorry for going dark on this issue.  I appreciate the efforts everyone has put into this issue for me and the students in Western New York.


  1.  172.64.80.1 was blocked by our firewall (I believed based on Fortinet malware intelligence).  It was also triggering in Google Chrome as a potentially malicious site as well.



Regardless, from Warren’s emails, it looks like this was still not a valid address to reach deltamath.com’s web page.



  2.  I am still getting the inconsistent result when querying one of the authoritative name servers:
[wbrown@ns3 ~]$ dig @jarred.ns.cloudflare.com deltamath.com +short
172.64.80.1
[wbrown@ns3 ~]$ dig @jarred.ns.cloudflare.com deltamath.com +short

104.26.3.229
104.26.2.229
172.67.75.10

  3.  We have reached out to deltamath in conjunction with the school districts and deltamath has reached out to CF on this issue.


At this point, I will let deltamath and CF work this all out.

Again, thank you everyone that assisted with this issue.
--
William Brown
WNYRIC/Erie 1 BOCES
716-821-7285

SharePoint, Eforms, Email, Spam Filtering: Please reach out to messaging at e1b.org
Immediate Needs Call our Service Desk at 716-821-7171

From: Adam David <adam.vallee at gmail.com>
Sent: Wednesday, September 22, 2021 7:17 PM
To: Brown, William <wbrown at e1b.org>
Cc: Erik Stian Tefre <erik at tefre.com>; dns-operations at lists.dns-oarc.net
Subject: Re: [dns-operations] Oddness with Cloudfare authoritative servers



This does not seem to be a DNS resolution/misconfiguration issue on Cloudflare's end.

https://172.64.80.1/ provides an error message (as it should) indicating it is a CloudFlare IP. If you can't see that in a web browser, then the issue is local to your network.

The main causes that I gather would be:

1. There was a temporary cache propagation issue on CF's network. (Still not a DNS issue.)
2. Your IT department is using 172.0.0.0/9 or possibly even 172.0.0.0/8 where they intended to use 172.16.0.0/12 (RFC1918 IP space). This would block access to the netblock belonging to Cloudflare and you would have difficulty accessing thousands of websites.
   Side Note: 172.64.0.0/13 belongs to AS13335.

You should always start with your IT department.
If you are a Cloudflare customer, contact them directly.
If you are a DeltaMath customer, then you need to contact them directly.

Sincerely,

Adam Vallee



On Wed, Sep 22, 2021 at 4:03 PM Brown, William <wbrown at e1b.org> wrote:
From: dns-operations <dns-operations-bounces at dns-oarc.net> On Behalf Of Erik Stian Tefre
Sent: Wednesday, September 22, 2021 3:38 PM
To: dns-operations at lists.dns-oarc.net
Subject: Re: [dns-operations] Oddness with Cloudfare authoritative servers

> Possibly not a DNS issue at all, but something like this:

> https://community.cloudflare.com/t/revil-ransomware/301435

> (Executive summary: One Cloudflare IP being blocked by a firewall because of a different and misbehaving Cloudflare customer who happened to serve malicious content from that same IP.)

> Regards,
> Erik

Interesting.  The real issue I am experiencing is that I am getting inconsistent responses from nominally the same authoritative server.  It just so happens that when we get 172.64.80.1 as the answer it fails.  I would prefer to get the correct answer so students can use the online educational resource the district is paying for.
Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system.

_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
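
Added example, not part of the original thread or written by any of its participants: a check for the second cause suggested in Adam's reply, a deny prefix meant to be RFC 1918 172.16.0.0/12 but written too broadly. The answer sets are the two dig results quoted above; the rule list and all function names are constructed for illustration, and the thread itself does not establish that such a rule was in place.

```python
import ipaddress

RFC1918_172 = ipaddress.ip_network("172.16.0.0/12")

# Answer sets copied from the two dig runs quoted in the thread.
ANSWER_SETS = [
    ["172.64.80.1"],
    ["104.26.3.229", "104.26.2.229", "172.67.75.10"],
]

# Constructed deny prefixes (assumption): the intended RFC 1918 range and
# the two over-broad variants named in the reply.
CANDIDATE_RULES = ["172.16.0.0/12", "172.0.0.0/9", "172.0.0.0/8"]


def overreach(rule):
    """Count addresses a rule covers outside 172.16.0.0/12."""
    net = ipaddress.ip_network(rule)
    if net.subnet_of(RFC1918_172):
        return 0
    if RFC1918_172.subnet_of(net):
        return net.num_addresses - RFC1918_172.num_addresses
    return net.num_addresses  # CIDR blocks are nested or disjoint


def audit(rules, answer_sets):
    """For each rule, list the blocked answers and count the answer sets
    in which every address is blocked (the lookup succeeds, the site fails)."""
    report = {}
    for rule in rules:
        net = ipaddress.ip_network(rule)
        blocked = set()
        dead_sets = 0
        for answers in answer_sets:
            hits = [a for a in answers if ipaddress.ip_address(a) in net]
            blocked.update(hits)
            if hits and len(hits) == len(answers):
                dead_sets += 1
        report[rule] = {
            "public_addresses_covered": overreach(rule),
            "answers_blocked": sorted(blocked),
            "dead_answer_sets": dead_sets,
        }
    return report


if __name__ == "__main__":
    for rule, result in audit(CANDIDATE_RULES, ANSWER_SETS).items():
        print(rule, result)
```

Under either over-broad rule the single-address answer is entirely unreachable while the three-address answer still has two usable addresses, which would produce the intermittent failure pattern described in the thread.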