
In message <CAJCOWev9n7i+dAhrKTqN=vvBj7qL95y7_5wAwTB9yCeyoYMyBA@mail.gmail.com>, Jeremy writes:
We're seeing a huge uptick in reverse DNS lookup failures across an app, 99% are all for Cloudflare IP addresses.
Instead of seeing a PTR or NXDOMAIN we're getting back SERVFAIL.
Does anyone know if this is a standard response from them? Do they not have reverse DNS set up for their networks?
Trying to narrow this down to see if it's a result of a change in how our application handles these errors or if there's an issue going on with Cloudflare's DNS setup.
Thanks! Jeremy

If you are delegated a zone then you should answer queries for that zone. SERVFAIL is not appropriate. It indicates a condition that needs to be fixed especially from an authoritative server.

Contact Cloudflare with a list of failing names. Cloudflare are generally good about making sure the DNS is giving well formed answers.

The following is general and is not directed at Cloudflare.

I know some people don't think errors in the reverse DNS are not critical but if you are delegated a zone it is your responsibility to ensure your servers are correctly serving that zone regardless of where it is in the DNS hierarchy. Failure to do that causes additional work for recursive servers. If you don't want to serve a zone then remove the delegation.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
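
The distinction discussed in this thread (PTR answer vs. NXDOMAIN vs. SERVFAIL) lives in the RCODE bits of the DNS response header. The following is an added example, not part of either message: it builds a PTR query, classifies a response by RCODE, and collects the SERVFAIL names into the list one would send to the zone operator. Function names are hypothetical, the addresses are RFC 5737 documentation addresses, and the responses are constructed in-process rather than taken from any real resolver.

```python
import ipaddress
import struct

# RCODE values from RFC 1035 (low 4 bits of the header flags word).
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def ptr_name(ip):
    """Reverse-lookup owner name for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def build_ptr_query(ip, txid):
    """Wire-format PTR query (QTYPE 12, class IN) with RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = ptr_name(ip).rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 12, 1)

def classify(response, txid):
    """Return the RCODE name of a DNS response, checking ID and QR bit."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    if rcode == "NOERROR" and ancount == 0:
        return "NODATA"  # name exists but has no PTR record
    return rcode

def failing_names(results):
    """Names whose lookup ended in SERVFAIL: the list to send to the zone operator."""
    return sorted(ptr_name(ip) for ip, rc in results.items() if rc == "SERVFAIL")

def fake_response(query, rcode, ancount=0):
    """Constructed response: echo the question, set QR/RD/RA and the RCODE."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, ancount, 0, 0) + query[12:]

if __name__ == "__main__":
    # Constructed sample: documentation addresses, not real Cloudflare data.
    sample = {"192.0.2.10": 2, "198.51.100.7": 3, "203.0.113.5": 2}
    results = {}
    for i, (ip, rc) in enumerate(sample.items(), start=1):
        q = build_ptr_query(ip, i)
        results[ip] = classify(fake_response(q, rc), i)
    print(failing_names(results))
```

Logging the RCODE per name this way separates "no PTR exists" (NXDOMAIN or NODATA) from "the servers for the zone are not answering properly" (SERVFAIL), which is the condition the reply says needs fixing.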