Re: Cloudflare reverse DNS SERVFAIL, normal?

[Nigel Jones <nanog () nigelj net>]

On Tue, Aug 30, 2016 at 06:50:03PM -0400, Valdis.Kletnieks () vt edu wrote:
> On Tue, 30 Aug 2016 14:39:10 -0700, Owen DeLong said:
>
> > I run a pair of nameservers. Let???s call them ns1.company.com
> > and ns2.company.com
>
> > Someone registers example.com and points NS records in the COM zone at my
> > nameservers.
>
> I would have expected that the resulting NXDOMAIN replies from ns1 and ns2
> would usually make this a self-correcting problem.
>
> Are there actually people who do this misconfiguration on a zone big enough
> for the traffic to matter, and leave it that way for very long before they
> clue in that things aren't working right?  I'd think that if somebody points
> billy-bobs-bait-tackle-and-internet.com at you, it might take you quite some
> time to notice - and if somebody whoopsies and points ebay.com's NS records
> at you, the resulting disfunction would be noticed fairly soon....

The recent example seems to be Digital Ocean who had 20k domains pointed
at their NS servers that weren't configured by customers.  There is a
bit about it at
https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/index.html
that may be interesting to read.  I disagree with some of the analysis
but it's a reasonable insight into the frequency of this.

> (Miscreants who do this intentionally are, of course, a totally different
> kettle of fish, and need to be dealt with as micreants....)