Sorry for going dark on this issue. I appreciate the efforts everyone has put into this issue for me and the students in Western New York.
1. 172.64.80.1 was blocked by our firewall (I believed based on Fortinet malware intelligence). It was also triggering in Google Chrome as a potentially malicious site as well. Regardless, From Warren’s emails, it looks like this was still not a valid address to reach deltamath.com’s web page. 1. I am still getting the inconsistent result when querying one of the authoritative name servers: [wbrown@ns3 ~]$ dig @jarred.ns.cloudflare.com deltamath.com +short 172.64.80.1 [wbrown@ns3 ~]$ dig @jarred.ns.cloudflare.com deltamath.com +short 104.26.3.229 104.26.2.229 172.67.75.10 1. We have reached out to deltamath in conjunction with the school districts and deltamath has reached out to CF on this issue. At this point, I will let deltamath and CF work this all out. Again, thank you everyone that assisted with this issue. -- William Brown WNYRIC/Erie 1 BOCES 716-821-7285 SharePoint, Eforms, Email, Spam Filtering Please reach out to [email protected]<mailto:[email protected]> Immediate Needs Call our Service Desk at 716-821-7171 From: Adam David <[email protected]> Sent: Wednesday, September 22, 2021 7:17 PM To: Brown, William <[email protected]> Cc: Erik Stian Tefre <[email protected]>; [email protected] Subject: Re: [dns-operations] Oddness with Cloudfare authoritative servers ******** This email originated from outside of the organization. Use caution when replying, opening attachment(s), and/or clicking on URL's. ******** This does not seem to be a DNS resolution/misconfiguration issue on Cloudflare's end. https://172.64.80.1/ provides an error message (as it should) indicating it is a CloudFlare IP. If you can't see that in a web browser, then the issue is local to your network. The main causes that I gather would be: 1. There was a temporary cache propagation issue on CF's network. (Still not a DNS issue.) 2. Your IT department is using 172.0.0.0/9<http://172.0.0.0/9> or possibly even 172.0.0.0/8<http://172.0.0.0/8> where they intended to use 172.16.0.0/12<http://172.16.0.0/12> (RFC1918 IP space). This would block access to the netblock belonging to Cloudflare and you would have difficulty accessing thousands of websites. Side Note: 172.64.0.0/13<http://172.64.0.0/13> belongs to AS13335. You should always start with your IT department. If you are a Cloudflare customer, contact them directly. If you are a DeltaMath customer, then you need to contact them directly. Sincerely, Adam Vallee On Wed, Sep 22, 2021 at 4:03 PM Brown, William <[email protected]<mailto:[email protected]>> wrote: From: dns-operations <[email protected]<mailto:[email protected]>> On Behalf Of Erik Stian Tefre Sent: Wednesday, September 22, 2021 3:38 PM To: [email protected]<mailto:[email protected]> Subject: Re: [dns-operations] Oddness with Cloudfare authoritative servers > Possibly not a DNS issue at all, but something like this: > https://community.cloudflare.com/t/revil-ransomware/301435 > (Executive summary: One Cloudflare IP being blocked by a firewall because of > a different and misbehaving Cloudflare customer who happened to serve > malicious content from that same IP.) > Regards, > Erik Interesting. The real issue I am experiencing is that I am getting inconsistent responses from nominally the same authoritative server. It just so happens that when we get 172.64.80.1 as the answer it fails. I would prefer to get the correct answer so students can use the online educational resource the district is paying for. Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. _______________________________________________ dns-operations mailing list [email protected]<mailto:[email protected]> https://lists.dns-oarc.net/mailman/listinfo/dns-operations Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system.
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
