[dns-operations] Invalid delegation for "cloud.huawai.com"

Jesus Cea jcea at jcea.es
Fri Jun 2 15:23:28 UTC 2023


Bind DNS server replies AAAA queries to "oauth-login.cloud.huawei.com" 
with SERVFAIL and the logs shows: "Name huawei.com (SOA) not subdomain 
of zone cloud.huawei.com". This is not an issue with AAAA, but with any 
query for a register not present in the zone. This is not a BIND bug, it 
is a misconfiguration in the "cloud.huawai.com" delegation.

This online tool identifies the issue perfectly: 
https://dnsviz.net/d/cloud.huawei.com/dnssec/

A thread in the bind-users mailing list: 
https://lists.isc.org/pipermail/bind-users/2023-June/107692.html. A 
couple of years ago one cause of many instance misconfiguration was well 
described: 
https://lists.isc.org/pipermail/bind-users/2021-January/104064.html

I have tried to reach Huawai dnsadmins with no luck so far.

Interestingly, 8.8.8.8, 1.1.1.1, 9.9.9.9 and most other open resolvers 
just ignore (or not detect) the misconfiguration. Too bad, since then 
the issue goes unresolved because "it works for me!".

This is a common misconfiguration. Would be a public service that common 
and popular open DNS resolvers care about it, since a proper SERVFAIL 
would prompt a fast and trivial fix in the affected DNS configurations.

-- 
Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
jcea at jcea.es - https://www.jcea.es/    _/_/    _/_/  _/_/    _/_/  _/_/
Twitter: @jcea                        _/_/    _/_/          _/_/_/_/_/
jabber / xmpp:jcea at jabber.org  _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz



More information about the dns-operations mailing list