Do you have a link to a ticket with more information? Cloudflare’s nameservers implement https://datatracker.ietf.org/doc/draft-ietf-dnsop-refuse-any … that deprecates ANY type queries
-
No, still trying to figure out why they're doing this. But the wildcard HINFO is visible w/o an any query.
-
For example, host -t 13 foo.cloudflare.com ns3.cloudflare.com
-
That's not an injection, it returns a NODATA answer.
-
For type HINFO it's not NODATA, it's an empty (1-byte nul) HINFO RR.
-
The presence of the wildcard HINFO is why requests for other RR types yield NODATA rather than NxDomain.
-
No, NODATA means that the name may exist, but the requested type for that name does not. It doesn't say anything about a wildcard. You can add DO=1 in the query and read the covered types (or proof of wildcard expansion) from the NSEC record.
-
The underlying problem is that @Cloudflare is returning NODATA for subdomains that don't exist (that the customer didn't intend to exist) rather than NxDomain.