On Wed, Sep 22, 2021 at 7:26 PM Adam David <adam.val...@gmail.com> wrote:
> This does not seem to be a DNS resolution/misconfiguration issue on > Cloudflare's end. > > https://172.64.80.1/ provides an error message (as it should) indicating > it is a CloudFlare IP. If you can't see that in a web browser, then the > issue is local to your network. > Yes, 172.64.80.1 is a CF address, but it was being returned for deltamath.com. Doing a GET / over TLS with the host set to deltamath.com was giving a 403 Forbidden: HTTP/1.1 403 Forbidden Server: cloudflare Date: Wed, 22 Sep 2021 18:44:15 GMT Content-Type: text/html Content-Length: 151 Connection: keep-alive CF-RAY: 692daefc1ffd542b-YYZ <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> <hr><center>cloudflare</center> </body> </html> The other address handed out all worked fine. So: 1: it is a DNS issue and they shouldn’t have handed out that address for that name or 2: that machine was borked. W > The main causes that I gather would be: > > 1. There was a temporary cache propagation issue on CF's network. (Still > not a DNS issue.) > 2. Your IT department is using 172.0.0.0/9 or possibly even 172.0.0.0/8 > where they intended to use 172.16.0.0/12 (RFC1918 IP space). This would > block access to the netblock belonging to Cloudflare and you would have > difficulty accessing thousands of websites. > Side Note: 172.64.0.0/13 belongs > to AS13335. > > You should always start with your IT department. > If you are a Cloudflare customer, contact them directly. > If you are a DeltaMath customer, then you need to contact them directly. > > Sincerely, > > Adam Vallee > > > > On Wed, Sep 22, 2021 at 4:03 PM Brown, William <wbr...@e1b.org> wrote: > >> From: dns-operations <dns-operations-boun...@dns-oarc.net> On Behalf Of >> Erik Stian Tefre >> Sent: Wednesday, September 22, 2021 3:38 PM >> To: dns-operations@lists.dns-oarc.net >> Subject: Re: [dns-operations] Oddness with Cloudfare authoritative servers >> >> > Possibly not a DNS issue at all, but something like this: >> >> > https://community.cloudflare.com/t/revil-ransomware/301435 >> >> > (Executive summary: One Cloudflare IP being blocked by a firewall >> because of a different and misbehaving Cloudflare customer who happened to >> serve malicious content from that same IP.) >> >> > Regards, >> > Erik >> >> Interesting. The real issue I am experiencing is that I am getting >> inconsistent responses from nominally the same authoritative server. It >> just so happens that when we get 172.64.80.1 as the answer it fails. I >> would prefer to get the correct answer so students can use the online >> educational resource the district is paying for. >> Confidentiality Notice: This electronic message and any attachments may >> contain confidential or privileged information, and is intended only for >> the individual or entity identified above as the addressee. If you are not >> the addressee (or the employee or agent responsible to deliver it to the >> addressee), or if this message has been addressed to you in error, you are >> hereby notified that you may not copy, forward, disclose or use any part of >> this message or any attachments. Please notify the sender immediately by >> return e-mail or telephone and delete this message from your system. >> >> _______________________________________________ >> dns-operations mailing list >> dns-operations@lists.dns-oarc.net >> https://lists.dns-oarc.net/mailman/listinfo/dns-operations >> > _______________________________________________ > dns-operations mailing list > dns-operations@lists.dns-oarc.net > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > -- Perhaps they really do strive for incomprehensibility in their specs. After all, when the liturgy was in Latin, the laity knew their place. -- Michael Padlipsky
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations