A particular set of name servers fail DNS 0x20 only when queried over TCP, and typically also cause unbound’s capsforid fallback strategy to fail (not sure why, but it might be related to the different case returned in DNSSEC records by the particular servers). These servers are in the 194.0.1.0/24…

Incidentally, CommunityDNS also operates ns3.gratisdns.dk, which causes capsforid fallback failures by serving weird records with a weird class. [image] Getting servfail when renewing, or adding domains Help P…

Also, for context, TCP fallback increased a couple months ago. [image] EDNS Buffer Size Changing to 512 Bytes (In 2024: now 1232) API Announcements S…

Yes. A user report last week drew our attention to the problem: https://letsdebug.net/snf-45288.vm.okeanos-global.grnet.gr/16112 I noticed the issue with gr-c.ics.forth.gr and reported it to the ccTLD operator. I later realized the same issue affects a number of TLDs served by CDNS. I contacted t…

Thanks for reaching out to them. If you’re able to find out what DNS software they’re using, that would be super useful.

[image] jsha: If you’re able to find out what DNS software they’re using, that would be super useful. They have their own proprietary DNS server, according to their website. http://www.cdns.net/CommunityDNS-Leaders-in-Security.html

Further tests showed 35 TLDs affected by this breakage. I posted the list to DNS-OARC, hoping someone from CDNS will take notice. https://lists.dns-oarc.net/pipermail/dns-operations/2019-January/018359.html

CommunityDNS has confirmed (by email) they are aware of the problem and working on a fix.

Widespread SERVFAIL problem related to DNS 0x20

Issuance Tech

jsha January 23, 2019, 8:07pm 5

This is interesting, we’ll take a look! Thanks for the detailed report. How did this come to your attention? Are you the administrator for an affected domain name?

Topic		Replies	Views
SERVFAIL causing issuance failures, unable to reproduce in Unbound or locally Help	46	4613	September 6, 2018
CAA requests resulting in SERVFAIL since Dec 12th Help	22	1310	January 19, 2024
DNS problem - SERVFAIL for (seemingly) correctly replied names Help	39	5578	January 6, 2022
Spurious CAA SERVFAIL responses during finalize Help	40	1908	January 4, 2024
SERVFAIL while renewing Help	11	1743	January 28, 2019

Widespread SERVFAIL problem related to DNS 0x20

Related topics