login.authorize.net has A and CNAME records

• Previous message (by thread): login.authorize.net has A and CNAME records
• Next message (by thread): Digital Ocean Abuse Contact
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mark Andrews <marka at isc.org> writes:

> It shouldn’t matter.  Only non-rfc-compliant servers allow A and CNAME
> to co-exist at the same name.  That combination was prohibited by RFC
> 1034.

Right.  Thanks.  I confused myself multiple times here ;-)


The issue seems to be that the cloudflare servers takes a shortcut and
convert the CNAME to A, dropping the intermediate CNAME.   That's
obviously not OK.


So it looks correct when you do:


bjorn at miraculix:/tmp$ dig CNAME login.authorize.net @ns0210.secondary.cloudflare.com

; <<>> DiG 9.16.13-Debian <<>> CNAME login.authorize.net @ns0210.secondary.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52372
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;login.authorize.net.           IN      CNAME

;; ANSWER SECTION:
login.authorize.net.    300     IN      CNAME   login.authorize.net.cdn.cloudflare.net.

;; Query time: 28 msec
;; SERVER: 162.159.33.85#53(162.159.33.85)
;; WHEN: Wed Apr 07 10:01:23 CEST 2021
;; MSG SIZE  rcvd: 97

bjorn at miraculix:/tmp$ dig A login.authorize.net.cdn.cloudflare.net @ns0210.secondary.cloudflare.com

; <<>> DiG 9.16.13-Debian <<>> A login.authorize.net.cdn.cloudflare.net @ns0210.secondary.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54740
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;login.authorize.net.cdn.cloudflare.net.        IN A

;; ANSWER SECTION:
login.authorize.net.cdn.cloudflare.net. 300 IN A 104.18.8.127
login.authorize.net.cdn.cloudflare.net. 300 IN A 104.18.9.127

;; Query time: 28 msec
;; SERVER: 162.159.33.85#53(162.159.33.85)
;; WHEN: Wed Apr 07 10:01:41 CEST 2021
;; MSG SIZE  rcvd: 99



But not when you query for A directly:



bjorn at miraculix:/tmp$ dig A login.authorize.net @ns0210.secondary.cloudflare.com

; <<>> DiG 9.16.13-Debian <<>> A login.authorize.net @ns0210.secondary.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26197
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;login.authorize.net.           IN      A

;; ANSWER SECTION:
login.authorize.net.    300     IN      A       104.18.9.127
login.authorize.net.    300     IN      A       104.18.8.127

;; Query time: 24 msec
;; SERVER: 162.159.33.85#53(162.159.33.85)
;; WHEN: Wed Apr 07 10:02:25 CEST 2021
;; MSG SIZE  rcvd: 80



So a Cloudflare bug.



Bjørn

• Previous message (by thread): login.authorize.net has A and CNAME records
• Next message (by thread): Digital Ocean Abuse Contact
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]