Cloudflare reverse DNS SERVFAIL, normal?

Mark Andrews marka at isc.org
Mon Aug 29 21:28:43 UTC 2016


In message <CAJCOWev9n7i+dAhrKTqN=vvBj7qL95y7_5wAwTB9yCeyoYMyBA at mail.gmail.com>, Jeremy writes:
> We're seeing a huge uptick in reverse DNS lookup failures across an app,
> 99% are all for Cloudflare IP addresses.
> 
> Instead of seeing a PTR or NXDOMAIN we're getting back SERVFAIL.
> 
> Does anyone know if this is a standard response from them? Do they not have
> reverse DNS set up for their networks?
> 
> Trying to narrow this down to see if it's a result of a change in how our
> application handles these errors or if there's an issue going on with
> Cloudflare's DNS setup.
> 
> Thanks!
> Jeremy

If you are delegated a zone then you should answer queries for that
zone.  SERVFAIL is not appropriate.  It indicates a condition that
needs to be fixed, especially from an authoritative server.  Contact
Cloudflare with a list of failing names.  Cloudflare are generally
good about making sure the DNS is giving well formed answers.

The following is general and is not directed at Cloudflare.  I know
some people don't think errors in the reverse DNS are not critical
but if you are delegated a zone it is your responsibility to ensure
your servers are correctly serving that zone regardless of where
it is in the DNS hierarchy.  Failure to do that causes additional
work for recursive servers.  If you don't want to serve a zone then
remove the delegation.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
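
One way to assemble the "list of failing names" mentioned in the reply, as an added example that is not part of the original message: it parses the header and question of captured DNS responses and keeps only PTR names that came back SERVFAIL, treating NXDOMAIN and NOERROR as valid answers. The function names, the `SAMPLE` data and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}
QTYPE_PTR = 12

def reverse_name(ip):
    """in-addr.arpa / ip6.arpa owner name for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer

def build_response(ip, rcode):
    """Constructed sample: DNS response with header and question only."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, RCODE in the low 4 bits
    header = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in reverse_name(ip).split("."))
    return header + qname + b"\x00" + struct.pack("!2H", QTYPE_PTR, 1)

def parse_response(msg):
    """Return (qname, qtype, rcode_name) from the header and first question."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _id, flags, qdcount = struct.unpack("!3H", msg[:6])
    if not flags & 0x8000 or qdcount != 1:
        raise ValueError("expected a response carrying one question")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        if length == 0:
            break
        if length & 0xC0 or pos + 1 + length > len(msg):
            raise ValueError("compressed or truncated label")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if pos + 5 > len(msg):
        raise ValueError("truncated question")
    (qtype,) = struct.unpack("!H", msg[pos + 1:pos + 3])
    return ".".join(labels), qtype, RCODES.get(flags & 0x000F, f"RCODE{flags & 0xF}")

def failing_names(responses):
    """PTR names answered with SERVFAIL; NXDOMAIN and NOERROR are valid answers."""
    parsed = (parse_response(m) for m in responses)
    return sorted({n for n, qt, rc in parsed if qt == QTYPE_PTR and rc == "SERVFAIL"})

# Constructed sample responses using documentation address ranges.
SAMPLE = [build_response("192.0.2.10", 2), build_response("198.51.100.7", 3),
          build_response("203.0.113.5", 0), build_response("2001:db8::1", 2),
          build_response("192.0.2.10", 2)]
```

`failing_names(SAMPLE)` returns the two distinct reverse names that got SERVFAIL, deduplicated, ready to paste into a report to the zone's operator.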


