login.authorize.net has A and CNAME records

Arne Jensen darkdevil at darkdevil.dk
Tue Apr 6 19:59:04 UTC 2021

Den 06-04-2021 kl. 21:47 skrev Seth Mattinen:
>> What kind of local problem or network problems could cause a servfail
>> response from the authoritative ns?
> I'm beginning to think this is a DNSSEC related problem, I'll ask on
> the pdns-users list. I see it's asking for a DS record on
> login.authorize.net.cdn.cloudflare.net when the nearest one appears to
> be at cloudflare.net, so for some reason that's not being applied all
> the way down.

I do somehow take that "local problem" part back again, which also
wasn't intended exactly in the way that it was written:


Is looking at login.authorize.net.cdn.cloudflare.net/DNSKEY, but failing
due to the SERVFAIL.

-> https://dnsviz.net/d/login.authorize.net.cdn.cloudflare.net/dnssec/

Seems to claim that it works just fine.

Asking login.authorize.net.cdn.cloudflare.net/DNSKEY or
login.authorize.net.cdn.cloudflare.net/DS returns SERVFAIL here too.

But I don't think you should be querying /DNSKEY or /DS, except a the
(current) delegation's root, e.g. as you say yourself, at
"cloudflare.net" in this case.

Or if "cdn.cloudflare.net" had been a sub-delegation, then at that point...

Med venlig hilsen / Kind regards,
Arne Jensen

More information about the NANOG mailing list