[dns-operations] Invalid delegation for "cloud.huawai.com"
Jesus Cea
jcea at jcea.es
Fri Jun 2 15:23:28 UTC 2023
Bind DNS server replies AAAA queries to "oauth-login.cloud.huawei.com"
with SERVFAIL and the logs shows: "Name huawei.com (SOA) not subdomain
of zone cloud.huawei.com". This is not an issue with AAAA, but with any
query for a register not present in the zone. This is not a BIND bug, it
is a misconfiguration in the "cloud.huawai.com" delegation.
This online tool identifies the issue perfectly:
https://dnsviz.net/d/cloud.huawei.com/dnssec/
A thread in the bind-users mailing list:
https://lists.isc.org/pipermail/bind-users/2023-June/107692.html. A
couple of years ago one cause of many instance misconfiguration was well
described:
https://lists.isc.org/pipermail/bind-users/2021-January/104064.html
I have tried to reach Huawai dnsadmins with no luck so far.
Interestingly, 8.8.8.8, 1.1.1.1, 9.9.9.9 and most other open resolvers
just ignore (or not detect) the misconfiguration. Too bad, since then
the issue goes unresolved because "it works for me!".
This is a common misconfiguration. Would be a public service that common
and popular open DNS resolvers care about it, since a proper SERVFAIL
would prompt a fast and trivial fix in the affected DNS configurations.
--
Jesús Cea Avión _/_/ _/_/_/ _/_/_/
jcea at jcea.es - https://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
Twitter: @jcea _/_/ _/_/ _/_/_/_/_/
jabber / xmpp:jcea at jabber.org _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
More information about the dns-operations
mailing list