Any ideas why @Cloudflare is injecting an empty wildcard HINFO RR into all zones they host dns for? That's what's breaking @kubernetesio on @musllibc.
The underlying problem is that @Cloudflare is returning NODATA for subdomains that don't exist (that the customer didn't intend to exist) rather than NxDomain.
-
-
I thought I'd diagnosed synthesized wildcard RRs as the mechanism but it seems they may just be an artifact of any-deprecation & my misreading.
-
My bad. But really, DNSSEC’s bad, and it was an intentional trade-off: https://tools.ietf.org/html/draft-valsorda-dnsop-black-lies-00 …
-
Does Cloudflare have any proposal for how their results should be interpreted/how clients should distinguish between nonexistent domains and domains that just lack a specific record type?
-
Making this distinction is necessary for search domain functionality to work in a consistent manner (i.e. getting data for the same search path component independent of RR type requested).
-
This should be now fixed, can you check on any affected zone? cc
@odintsov_pavel -
Tried http://foo.cloudflare.com , seems fixed when querying http://ns3.cloudflare.com directly, but not yet propagated everywhere. Thanks!
-
Awesome! We finished deployment for NODATA/NXDOMAIN fix few hours ago and it should be everywhere now.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.