I alerted CloudFlare last week and they have indicated they have engineers looking into it. I opened the ticket as a DoS against any domains they provide hosting for. As long as there are clients querying 'http://www.reddit.com' (or any other CloudFlare hosted domain) it can keep that domain offline. Our work-around has allowed reddit.com to appear to remain online.
---Eric

-----Original Message-----
From: Unbound-users [mailto:[email protected]] On Behalf Of John Peacock
Sent: Monday, August 25, 2014 9:45 AM
To: [email protected]
Subject: Re: [Unbound-users] reddit.com issue

On Mon, 2014-08-25 at 08:24 -0500, Dave Duchscher wrote:
> Cloudflare's response:
>
> > Hey there,
> >
> > Because the DNS query "http://reddit.com" is technically not valid (since
> > DNS queries should not contain the protocol URI), CloudFlare's DNS servers
> > will not respond to them.

That is what I would have predicted their response would have been. A broken client is making illegal DNS queries; that is the root cause of the difficulty. The fact that unbound itself doesn't return an error for these illegal queries is only making matters worse.

Neither ':' nor '/' are legal DNS hostname characters (see RFC-1035 and onwards), so it should be the resolver library (i.e. unbound) that should be validating the query before sending it on, IMNSHO.

The fact that reddit.com has an unfriendly behavior WRT illegal queries doesn't mean it is their fault; there is no requirement to return NXDOMAIN or SERVFAIL or anything at all, so they chose to drop the query.

John

--
JOHN PEACOCK
senior software build and release engineer
www.messagesystems.com
twitter @MessageSystems
tel 410-872-4910 x239
email [email protected]

_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
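The host name syntax check discussed in the quoted message, as an added example that is not part of the original thread and is not unbound's code. It applies the letters-digits-hyphen rule of RFC 1035 section 2.3.1 (as relaxed by RFC 1123) to a query name before it would be forwarded; `check_qname`, `rejected` and the sample names are hypothetical.

```python
import re

# One label under the host name rule: letters, digits, hyphen, 1 to 63 octets,
# no leading or trailing hyphen (RFC 1035 2.3.1, relaxed by RFC 1123 2.1).
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://")


def check_qname(qname):
    """Return (ok, reason) for a name a client asked to resolve."""
    if _SCHEME.match(qname):
        return False, "looks like a URL, not a host name"
    name = qname[:-1] if qname.endswith(".") else qname  # allow the root dot
    if not name:
        return False, "empty name"
    if len(name) > 253:
        return False, "name longer than 253 octets"
    for label in name.split("."):
        if not label:
            return False, "empty label"
        if len(label) > 63:
            return False, "label longer than 63 octets"
        if not _LABEL.fullmatch(label):
            bad = sorted(set(re.findall(r"[^A-Za-z0-9-]", label)))
            if bad:
                return False, "illegal character(s): " + " ".join(bad)
            return False, "label starts or ends with a hyphen"
    return True, "ok"


def rejected(qnames):
    """Map each name that fails the check to the reason it failed."""
    results = ((q, check_qname(q)) for q in qnames)
    return {q: reason for q, (ok, reason) in results if not ok}


# Constructed sample input, not taken from any real query log.
CONSTRUCTED_QUERIES = [
    "www.reddit.com",
    "http://www.reddit.com",
    "www.reddit.com/r/netsec",
    "reddit.com.",
    "_dmarc.example.com",  # valid DNS owner name, but not a host name
]

if __name__ == "__main__":
    for q, why in rejected(CONSTRUCTED_QUERIES).items():
        print(f"reject {q!r}: {why}")
```

The host name rule is stricter than what the DNS protocol itself can carry, so a filter like this belongs only on lookups that are meant to be host names; underscore-prefixed names used for SRV or DMARC records would be rejected by it.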
