Oh, testing now gives a different / working result: $ curl -v https://www.deltamath.com --connect-to deltamath.com:443:172.64.80.1 2>&1 | grep "HTTP/2 200"
So, looks like the issue is likely resolved. W On Wed, Sep 22, 2021 at 7:49 PM Warren Kumari <[email protected]> wrote: > > > On Wed, Sep 22, 2021 at 7:26 PM Adam David <[email protected]> wrote: > >> This does not seem to be a DNS resolution/misconfiguration issue on >> Cloudflare's end. >> >> https://172.64.80.1/ provides an error message (as it should) indicating >> it is a CloudFlare IP. If you can't see that in a web browser, then the >> issue is local to your network. >> > > Yes, 172.64.80.1 is a CF address, but it was being returned for > deltamath.com. > Doing a GET / over TLS with the host set to deltamath.com was giving a > 403 Forbidden: > HTTP/1.1 403 Forbidden > Server: cloudflare > Date: Wed, 22 Sep 2021 18:44:15 GMT > Content-Type: text/html > Content-Length: 151 > Connection: keep-alive > CF-RAY: 692daefc1ffd542b-YYZ > > <html> > <head><title>403 Forbidden</title></head> > <body> > <center><h1>403 Forbidden</h1></center> > <hr><center>cloudflare</center> > </body> > </html> > > The other address handed out all worked fine. > So: > 1: it is a DNS issue and they shouldn’t have handed out that address for > that name or > 2: that machine was borked. > > W > > > > > > >> The main causes that I gather would be: >> >> 1. There was a temporary cache propagation issue on CF's network. (Still >> not a DNS issue.) >> 2. Your IT department is using 172.0.0.0/9 or possibly even 172.0.0.0/8 >> where they intended to use 172.16.0.0/12 (RFC1918 IP space). This would >> block access to the netblock belonging to Cloudflare and you would have >> difficulty accessing thousands of websites. >> Side Note: 172.64.0.0/13 belongs >> to AS13335. >> >> You should always start with your IT department. >> If you are a Cloudflare customer, contact them directly. >> If you are a DeltaMath customer, then you need to contact them directly. >> >> Sincerely, >> >> Adam Vallee >> >> >> >> On Wed, Sep 22, 2021 at 4:03 PM Brown, William <[email protected]> wrote: >> >>> From: dns-operations <[email protected]> On Behalf Of >>> Erik Stian Tefre >>> Sent: Wednesday, September 22, 2021 3:38 PM >>> To: [email protected] >>> Subject: Re: [dns-operations] Oddness with Cloudfare authoritative >>> servers >>> >>> > Possibly not a DNS issue at all, but something like this: >>> >>> > https://community.cloudflare.com/t/revil-ransomware/301435 >>> >>> > (Executive summary: One Cloudflare IP being blocked by a firewall >>> because of a different and misbehaving Cloudflare customer who happened to >>> serve malicious content from that same IP.) >>> >>> > Regards, >>> > Erik >>> >>> Interesting. The real issue I am experiencing is that I am getting >>> inconsistent responses from nominally the same authoritative server. It >>> just so happens that when we get 172.64.80.1 as the answer it fails. I >>> would prefer to get the correct answer so students can use the online >>> educational resource the district is paying for. >>> Confidentiality Notice: This electronic message and any attachments may >>> contain confidential or privileged information, and is intended only for >>> the individual or entity identified above as the addressee. If you are not >>> the addressee (or the employee or agent responsible to deliver it to the >>> addressee), or if this message has been addressed to you in error, you are >>> hereby notified that you may not copy, forward, disclose or use any part of >>> this message or any attachments. Please notify the sender immediately by >>> return e-mail or telephone and delete this message from your system. >>> >>> _______________________________________________ >>> dns-operations mailing list >>> [email protected] >>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations >>> >> _______________________________________________ >> dns-operations mailing list >> [email protected] >> https://lists.dns-oarc.net/mailman/listinfo/dns-operations >> > -- > Perhaps they really do strive for incomprehensibility in their specs. > After all, when the liturgy was in Latin, the laity knew their place. > -- Michael Padlipsky > -- The computing scientist’s main challenge is not to get confused by the complexities of his own making. -- E. W. Dijkstra
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
