[dns-operations] Cloudflare people here ? Problematic records served from a Cloudflare hosted zone.
Winfried
walists at mailbox.org
Fri Nov 21 11:17:45 UTC 2025
Hi,
On 11/21/25 11:41, Emmanuel Fusté wrote:
> Hi Joe,
>
> On 20/11/2025 at 19:07, Joe Abley wrote:
>> Hi Emmanuel,
>>
>> On 20 Nov 2025, at 16:53, Emmanuel Fusté <manu.fuste at gmail.com> wrote:
>>
>>> With a colleague we found by accident real-world records served by
>>> Cloudflare DNS which are breaking the DNS data model: multiple
>>> possible CNAME values for the same record, leading to possible
>>> resolver cache pollution.
>>> As the way to get one value or another is trivial, the way to
>>> control the resolver cached value is trivial too.
>>> We did not find how Cloudflare DNS features and zone content were
>>> used/combined to generate this behavior, which is surely unexpected
>>> for the zone operator.
>>> Are there some Cloudflare people here to whom I could provide the
>>> zone/records details to see if it is an expected/assumed behavior or
>>> a subtle corner case bug?
>> There are a few of us here. Feel free to ping me off-list!
>>
>>
>> Joe
> Thank you! Details transmitted off-list.
Please keep us informed if this case could cause problems for other
resolver operators as well or is otherwise relevant to them.
Winfried