login.authorize.net has A and CNAME records
Bjørn Mork
bjorn at mork.no
Wed Apr 7 08:07:20 UTC 2021
Mark Andrews <marka at isc.org> writes:
> It shouldn’t matter. Only non-rfc-compliant servers allow A and CNAME
> to co-exist at the same name. That combination was prohibited by RFC
> 1034.
Right. Thanks. I confused myself multiple times here ;-)
The issue seems to be that the Cloudflare servers take a shortcut and
convert the CNAME to A, dropping the intermediate CNAME. That's
obviously not OK.
So it looks correct when you do:
bjorn at miraculix:/tmp$ dig CNAME login.authorize.net @ns0210.secondary.cloudflare.com
; <<>> DiG 9.16.13-Debian <<>> CNAME login.authorize.net @ns0210.secondary.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52372
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;login.authorize.net. IN CNAME
;; ANSWER SECTION:
login.authorize.net. 300 IN CNAME login.authorize.net.cdn.cloudflare.net.
;; Query time: 28 msec
;; SERVER: 162.159.33.85#53(162.159.33.85)
;; WHEN: Wed Apr 07 10:01:23 CEST 2021
;; MSG SIZE rcvd: 97
bjorn at miraculix:/tmp$ dig A login.authorize.net.cdn.cloudflare.net @ns0210.secondary.cloudflare.com
; <<>> DiG 9.16.13-Debian <<>> A login.authorize.net.cdn.cloudflare.net @ns0210.secondary.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54740
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;login.authorize.net.cdn.cloudflare.net. IN A
;; ANSWER SECTION:
login.authorize.net.cdn.cloudflare.net. 300 IN A 104.18.8.127
login.authorize.net.cdn.cloudflare.net. 300 IN A 104.18.9.127
;; Query time: 28 msec
;; SERVER: 162.159.33.85#53(162.159.33.85)
;; WHEN: Wed Apr 07 10:01:41 CEST 2021
;; MSG SIZE rcvd: 99
But not when you query for A directly:
bjorn at miraculix:/tmp$ dig A login.authorize.net @ns0210.secondary.cloudflare.com
; <<>> DiG 9.16.13-Debian <<>> A login.authorize.net @ns0210.secondary.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26197
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;login.authorize.net. IN A
;; ANSWER SECTION:
login.authorize.net. 300 IN A 104.18.9.127
login.authorize.net. 300 IN A 104.18.8.127
;; Query time: 24 msec
;; SERVER: 162.159.33.85#53(162.159.33.85)
;; WHEN: Wed Apr 07 10:02:25 CEST 2021
;; MSG SIZE rcvd: 80
So a Cloudflare bug.
Bjørn
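Added example, not part of the original message: a small Python check that takes the answer sections from the three dig responses above and reports owner names the same server returned with both a CNAME and other data, plus the queries that were answered without the intermediate CNAME. The function names and the RESPONSES layout are assumptions made for this illustration.

```python
from collections import defaultdict

# Answer-section records copied from the three dig responses in the message
# above, keyed by the (qname, qtype) sent to the same authoritative server.
RESPONSES = {
    ("login.authorize.net.", "CNAME"): [
        "login.authorize.net. 300 IN CNAME login.authorize.net.cdn.cloudflare.net.",
    ],
    ("login.authorize.net.cdn.cloudflare.net.", "A"): [
        "login.authorize.net.cdn.cloudflare.net. 300 IN A 104.18.8.127",
        "login.authorize.net.cdn.cloudflare.net. 300 IN A 104.18.9.127",
    ],
    ("login.authorize.net.", "A"): [
        "login.authorize.net. 300 IN A 104.18.9.127",
        "login.authorize.net. 300 IN A 104.18.8.127",
    ],
}

def parse_rr(line):
    """Split a dig answer line into (owner, type, rdata)."""
    owner, _ttl, _class, rrtype, rdata = line.split(None, 4)
    return owner.lower(), rrtype.upper(), rdata

def cname_conflicts(responses):
    """Owners returned with both a CNAME and other data (DNSSEC types not considered)."""
    types_at = defaultdict(set)
    for lines in responses.values():
        for line in lines:
            owner, rrtype, _ = parse_rr(line)
            types_at[owner].add(rrtype)
    return {o: sorted(t) for o, t in types_at.items() if "CNAME" in t and len(t) > 1}

def flattened_answers(responses):
    """Queries at a CNAME owner that were answered without the CNAME itself."""
    parsed = {q: [parse_rr(l) for l in lines] for q, lines in responses.items()}
    cname_owners = {o for rrs in parsed.values() for o, t, _ in rrs if t == "CNAME"}
    return sorted(
        (qname, qtype) for (qname, qtype), rrs in parsed.items()
        if qtype != "CNAME" and qname.lower() in cname_owners
        and all(t != "CNAME" for _, t, _ in rrs))

if __name__ == "__main__":
    print("CNAME coexisting with other data:", cname_conflicts(RESPONSES))
    print("answered without the CNAME:", flattened_answers(RESPONSES))
```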