Bind DNS server replies AAAA queries to "oauth-login.cloud.huawei.com"
with SERVFAIL and the logs shows: "Name huawei.com (SOA) not subdomain
of zone cloud.huawei.com". This is not an issue with AAAA, but with any
query for a register not present in the zone. This is not a BIND bug, it
is a misconfiguration in the "cloud.huawai.com" delegation.
This online tool identifies the issue perfectly:
https://dnsviz.net/d/cloud.huawei.com/dnssec/
A thread in the bind-users mailing list:
https://lists.isc.org/pipermail/bind-users/2023-June/107692.html. A
couple of years ago one cause of many instance misconfiguration was well
described:
https://lists.isc.org/pipermail/bind-users/2021-January/104064.html
I have tried to reach Huawai dnsadmins with no luck so far.
Interestingly, 8.8.8.8, 1.1.1.1, 9.9.9.9 and most other open resolvers
just ignore (or not detect) the misconfiguration. Too bad, since then
the issue goes unresolved because "it works for me!".
This is a common misconfiguration. Would be a public service that common
and popular open DNS resolvers care about it, since a proper SERVFAIL
would prompt a fast and trivial fix in the affected DNS configurations.
--
Jesús Cea Avión _/_/ _/_/_/ _/_/_/
[email protected] - https://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
Twitter: @jcea _/_/ _/_/ _/_/_/_/_/
jabber / xmpp:[email protected] _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
