[dns-operations] Cloudflare people here ? Problematic records served from a Cloudflare hosted zone.
Ondřej Surý
ondrej at sury.org
Thu Nov 27 12:23:53 UTC 2025
> Like many other DNS providers of a certain shape, Cloudflare provides various non-standard DNS features that are generally intended to be invisible to the Internet at large, but which achieve certain things that our customers want to do. Sometimes they are not invisible, which means they are protocol violations. Sometimes we find we have particular custonmers who come to rely on the strange behaviour, which makes it more of a challenge to change. But we are working on it; our goal is certainly not to cause unpleasant surprises for others, quite the opposite.
To clarify - my message was not meant to be point and shame, but to share
the awareness of the issue and to satisfy the general curiosity of DNS people.
I think I also actually found an error in BIND 9's QNAME minimization algorithm
by violating Section 3, step (3) and doing NS query instead for the full name.
So, perhaps, thank you is in place :)
Ondrej
--
Ondřej Surý (He/Him)
ondrej at sury.org
More information about the dns-operations
mailing list