[dns-operations] Cloudflare people here ? Problematic records served from a Cloudflare hosted zone.
Ondřej Surý
ondrej at sury.org
Thu Nov 27 11:34:32 UTC 2025
Hey Joe,
found another case of CNAME weirdness.
CNAME returned for A query (or NS or any other type that exists at the target of the CNAME):
; <<>> DiG 9.21.14 <<>> +norec in A www.berlin-city-tour.de. @lina.ns.cloudflare.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1239
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.berlin-city-tour.de. IN A
;; ANSWER SECTION:
www.berlin-city-tour.de. 60 IN CNAME berlin-city-tour.de.
berlin-city-tour.de. 300 IN A 167.71.36.225
;; Query time: 17 msec
;; SERVER: 2606:4700:50::adf5:3abb#53(lina.ns.cloudflare.com.) (UDP)
;; WHEN: Thu Nov 27 12:27:02 CET 2025
;; MSG SIZE rcvd: 82
CNAME not returned for NODATA answer:
; <<>> DiG 9.21.14 <<>> +norec in AAAA www.berlin-city-tour.de. @lina.ns.cloudflare.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42854
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.berlin-city-tour.de. IN AAAA
;; AUTHORITY SECTION:
berlin-city-tour.de. 1800 IN SOA amit.ns.cloudflare.com. dns.cloudflare.com. 2389579513 10000 2400 604800 1800
;; Query time: 17 msec
;; SERVER: 2606:4700:50::adf5:3abb#53(lina.ns.cloudflare.com.) (UDP)
;; WHEN: Thu Nov 27 12:27:33 CET 2025
;; MSG SIZE rcvd: 114
I believe the CNAME has to be returned regardless of the target existence.
Cheers,
Ondrej
--
Ondřej Surý (He/Him)
ondrej at sury.org
More information about the dns-operations
mailing list