Do you have a link to a ticket with more information? Cloudflare’s nameservers implement https://datatracker.ietf.org/doc/draft-ietf-dnsop-refuse-any … that deprecates ANY type queries
-
-
Replying to @vavrusam @Cloudflare and
No, still trying to figure out why they're doing this. But the wildcard HINFO is visible w/o an any query.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @vavrusam and
For example, host -t 13 http://foo.cloudflare.com http://ns3.cloudflare.com
1 reply 0 retweets 0 likes -
Replying to @RichFelker @Cloudflare and
That's not an injection, it returns a NODATA answer.
1 reply 0 retweets 0 likes -
Replying to @vavrusam @Cloudflare and
For type HINFO it's not NODATA, it's an empty (1-byte nul) HINFO RR.
2 replies 0 retweets 0 likes -
Replying to @RichFelker @Cloudflare and
Aren't you confusing it with question section?
1 reply 0 retweets 0 likes -
Replying to @vavrusam @Cloudflare and
Maybe I misread it. I'll look again.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @Cloudflare and
Do you know what's the DNS client that's having issues with the answer?
1 reply 0 retweets 0 likes -
Replying to @vavrusam @Cloudflare and
It interferes with the way
@kubernetesio uses search domains if the resolver imposes reasonable consistency requirements. See this thread: http://www.openwall.com/lists/musl/2018/03/30/12 …1 reply 0 retweets 0 likes -
Replying to @RichFelker @Cloudflare and
Thanks, I think I understand why can the NODATA be an issue. I'll see what we can do to change the behavior. The search list algorithm is unfortunately poorly defined https://www.icann.org/en/system/files/files/sac-064-en.pdf …
2 replies 0 retweets 1 like
Thanks for taking the time to look at it.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.