Cloudflare reverse DNS SERVFAIL, normal?

Owen DeLong owen at delong.com
Tue Aug 30 23:43:59 UTC 2016


> On Aug 30, 2016, at 15:50 , Valdis.Kletnieks at vt.edu wrote:
> 
> On Tue, 30 Aug 2016 14:39:10 -0700, Owen DeLong said:
> 
>> I run a pair of nameservers. Let’s call them ns1.company.com
>> and ns2.company.com
> 
>> Someone registers example.com and points NS records in the COM zone at my
>> nameservers.
> 
> I would have expected that the resulting NXDOMAIN replies from ns1 and ns2
> would usually make this a self-correcting problem.

You don’t get NXDOMAIN when a nameserver gets a request for a zone it doesn’t
serve.

You either get SERVFAIL or you get NS records back as a referral.

> Are there actually people who do this misconfiguration on a zone big enough
> for the traffic to matter, and leave it that way for very long before they
> clue in that things aren't working right?  I'd think that if somebody points
> billy-bobs-bait-tackle-and-internet.com at you, it might take you quite some
> time to notice - and if somebody whoopsies and points ebay.com's NS records
> at you, the resulting dysfunction would be noticed fairly soon….

Depends on your definition of “matter”.

Also, misconfiguring one important zone doesn’t necessarily generate significantly
more traffic than generating a whole lot of unimportant ones. Especially if
you misconfigure zones in ip6.arpa or in-addr.arpa as was the case at the
beginning of this topic.

> (Miscreants who do this intentionally are, of course, a totally different
> kettle of fish, and need to be dealt with as miscreants....)

Yep, though one has to wonder why they would bother.

Owen
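The distinction Owen draws (a server asked about a zone it does not serve answers SERVFAIL or an unauthoritative referral, never NXDOMAIN) can be checked by inspecting only the 12-byte DNS header. The following is an added example, not part of the thread; it uses constructed sample headers (the hypothetical `make_response` helper) rather than real captures, and classifies responses the way an operator auditing lame delegations to their nameservers would.

```python
"""Classify nameserver responses by DNS header fields (RFC 1035 section 4.1.1):
SERVFAIL, an unauthoritative referral (NS records in the authority section,
AA bit clear), or a genuine authoritative NXDOMAIN. Only the fixed header is
parsed; the question/answer/authority sections are not needed for this."""
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_header(msg: bytes) -> dict:
    """Unpack ID, flags and the four section counts from a DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),   # 1 = response, 0 = query
        "aa": bool(flags & 0x0400),   # authoritative answer bit
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def classify(msg: bytes) -> str:
    """Name the behaviour a resolver would see from this response."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not a response"
    if h["rcode"] == 0 and not h["aa"] and h["ancount"] == 0 and h["nscount"] > 0:
        # NOERROR with no answers, AA clear, NS records in authority:
        # the server is not authoritative for the name, i.e. a lame delegation.
        return "REFERRAL"
    if h["rcode"] == 3 and not h["aa"]:
        return "NXDOMAIN (non-authoritative)"
    return RCODES.get(h["rcode"], f"RCODE{h['rcode']}")

def make_response(flags: int, ancount: int = 0, nscount: int = 0) -> bytes:
    """Constructed sample header (hypothetical helper); record data is omitted
    because classify() only reads the header."""
    return struct.pack("!HHHHHH", 0x1234, 0x8000 | flags, 1, ancount, nscount, 0)

# Constructed samples of the three behaviours discussed in the thread.
SAMPLES = {
    "servfail": make_response(0x0002),               # RCODE=2, server gave up
    "referral": make_response(0x0000, nscount=13),   # NOERROR, AA clear, root NS set
    "nxdomain": make_response(0x0400 | 0x0003),      # AA set, RCODE=3: real denial
}
```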
More information about the NANOG mailing list