[191230] in North American Network Operators' Group
Re: Cloudflare reverse DNS SERVFAIL, normal?
daemon@ATHENA.MIT.EDU (David)
Mon Aug 29 19:54:58 2016
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: David <opendak@shaw.ca>
Date: Mon, 29 Aug 2016 17:54:53 -0600
In-Reply-To: <20160829234737.GA16137@cmadams.net>
Errors-To: nanog-bounces@nanog.org
On 2016-08-29 5:47 PM, Chris Adams wrote:
> Once upon a time, Mark Andrews <marka@isc.org> said:
>> The following is general and is not directed at Cloudflare. I know
>> some people don't think errors in the reverse DNS are not critical
>> but if you are delegated a zone it is your responsibility to ensure
>> your servers are correctly serving that zone regardless of where
>> it is in the DNS hierarchy. Failure to do that causes additional
>> work for recursive servers. If you don't want to serve a zone then
>> remove the delegation.
>
> You are assuming that an authoritative server operator has some way to
> know all the zones people delegate to their servers, and remove such
> delegations if they don't want to handle them. That is a wrong
> assumption.
>
Even more generally is that your authoritative server should respond to
anything it is asked with an appropriate answer. Dropping/filtering can
lead to bad situations.
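
The difference between answering and dropping, as a resolver or delegation audit would see it, is sketched below. This is an added example, not part of the original message: the nameserver names, transaction ID and response headers are constructed sample data, and the status labels are this example's own.

```python
import struct

QR, AA = 0x8000, 0x0400  # response bit and authoritative-answer bit in the DNS flags word
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def make_header(txid, aa, rcode, ancount):
    """Build a constructed 12-byte DNS response header (sample data only)."""
    flags = QR | (AA if aa else 0) | rcode
    return struct.pack("!6H", txid, flags, 1, ancount, 0, 0)

def classify(txid, reply):
    """Classify one server's reply to an SOA query for a zone delegated to it.

    reply is the raw response bytes, or None when the query timed out.
    """
    if reply is None:
        return "dropped"        # no answer at all: the resolver must wait and retry
    if len(reply) < 12:
        return "malformed"      # shorter than a DNS header
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if rid != txid or not flags & QR:
        return "malformed"      # wrong transaction ID, or not a response
    rcode = flags & 0x000F
    if rcode == 0 and flags & AA and ancount > 0:
        return "serving"        # authoritative answer carrying the SOA
    # The server answered but is not serving the zone: a lame delegation,
    # though one the resolver learns about immediately.
    return "lame:" + RCODES.get(rcode, str(rcode))

def audit(txid, replies):
    """Map each delegated nameserver to its status."""
    return {ns: classify(txid, reply) for ns, reply in replies.items()}

# Constructed replies for a hypothetical reverse zone 2.0.192.in-addr.arpa.
SAMPLE = {
    "ns1.example.net": make_header(0x1A2B, True, 0, 1),
    "ns2.example.net": make_header(0x1A2B, False, 5, 0),
    "ns3.example.net": make_header(0x1A2B, False, 2, 0),
    "ns4.example.net": None,
}

if __name__ == "__main__":
    for ns, status in audit(0x1A2B, SAMPLE).items():
        print(f"{ns:18} {status}")
```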