Re: Cloudflare reverse DNS SERVFAIL, normal?

[Mark Andrews <marka () isc org>]

In message <CAJCOWev9n7i+dAhrKTqN=vvBj7qL95y7_5wAwTB9yCeyoYMyBA () mail gmail com>, Jeremy writes:
> We're seeing a huge uptick in reverse dns lookup failures across an app,
> 99% are all for Cloudflare ip addresses.
>
> Instead of seeing a PTR or NXDOMAIN we're getting back SERVFAIL.
>
> Does anyone know if this is a standard response from them? Do they not have
> reverse DNS setup for their networks?
>
> Trying to narrow this down to see if it's a result in a change in how our
> application handles these errors or if there's an issue going on with
> cloudflare's DNS setup.
>
> Thanks!
> Jeremy

If you are delegated a zone then you should answer queries for that
zone.  SERVFAIL is not appropriate.  It indicates a condition that
needs to be fixed especially from a authoritative server.  Contact
Cloudflare with a list of failing names.  Cloudflare are generally
good about making sure the DNS is giving well formed answers.

The following is general and is not directed at Cloudflare.  I know
some people don't think errors in the reverse DNS are not critical
but if you are delegated a zone it is your responsablity to ensure
your servers are correctly serving that zone regardless of where
it is in the DNS heirarchy.  Failure to do that causes additional
work for recursive servers.  If you don't want to serve a zone then
remove the delegation.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org