#Intermittent broken DNS responses on 1.1.1.1

9 messages · Page 1 of 1 (latest)

hexed arch
#

We're currently experiencing problems with the 1.1.1.1 resolver. Certain responses that contain both A records and a CNAME come with the CNAME last. This violates RFC1034 section 4.3.1 and breaks getaddrinfo in glibc.
An example would be

18:02:12.487552 IP web01.live.pw.demv.systems.34082 > one.one.one.one.domain: 18187+ A? kndapi.softfair-server.de. (43)
18:02:12.493369 IP one.one.one.one.domain > web01.live.pw.demv.systems.34082: 18187 4/0/0 A 88.99.13.178, A 95.216.157.200, A 159.69.42.20, CNAME lb.softfair-server.de. (108)

which is broken, versus

18:02:09.425394 IP web01.live.pw.demv.systems.36977 > one.one.one.one.domain: 50917+ A? kndapi.softfair-server.de. (43)
18:02:09.430429 IP one.one.one.one.domain > web01.live.pw.demv.systems.36977: 50917 4/0/0 CNAME lb.softfair-server.de., A 159.69.42.20, A 95.216.157.200, A 88.99.13.178 (108)

which works.

Please let me know if this should be reported somewhere else.

tardy patio
#

I can confirm it happens to me as well and will report it, but it would be good to know when this started.

hexed arch
#

I got the first internal report about 2-3 hours ago. I'll check if I can find a more accurate time

tardy patio
#

Thanks, I've reported that.

hexed arch
#

The first error I could find is from 11:25 CET, that is 7.5 hours ago

steel flicker
#

Hey, thanks for the report - we've raised an incident internally and are working to resolve

steel flicker
fleet sky