DNS Moving to Cloudflare?

After a recent problem with Dyn.com (search news stories for “DDoS against Dyn DNS”), several big DNS providers took additional precautions with one or more of their primary DNS servers. This includes moving them so that they are not hosted by *one* provider. This is generally a good thing and ISNIC has promoted operating your DNS servers on separate IP Networks, and separate AS numbers for resilient operations.

Some providers have moved their services to Cloudflare – which should be fine – however, some of them haven’t yet gotten their PTR RRs (Resource Records), also known as Reverse DNS, into the appropriate in-addr.arpa zone.

Cloudflare does know how to operate DNS services, and they do know how to add PTR RRs. As to why they’ve not applied them to these services are reasons unbeknownst to ISNIC. You must contact your DNS provider and ask them!

If they say all is well, use the ISNIC Zone Check – and forward the results to your provider. If they still continue to claim all is well, ask for better support – and someone who knows what “in-addr.arpa” means (and don’t think it’s an URL…)

If your DNS provider is Bluehost, ask them what this means:

dig -x 162.159.24.80 +trace # results in a loop, which ends in:

24.159.162.in-addr.arpa. 86400 IN NS ns2.cloudflare.com.
24.159.162.in-addr.arpa. 86400 IN NS ns3.cloudflare.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 209 bytes from 162.159.0.33#53(ns3.cloudflare.com) in 41 ms

(162.159.24.80 is the IP Address of ns1.bluehost.com, which is now hosted by Cloudflare)

If you continue to receive notices or information from Bluehost that your domain isn’t OK, move your DNS services away from Bluehost, since they no longer support .is domains for a period of more than 6 weeks (the counter in the e-mail from ISNIC should not exceed 8!) then you must take action.

ISNIC has been in contact with DNS specialists from Bluehost and Cloudflare – which should resulted in appropriate repairs (29th Nov). However, from 27th January we’ve received information that this has happened again. And PTR errors were resolved by Bluehost on 14th march 2017.

Bluehost has also recommend the A RECORD solution – since they will not support .is domains in their DNS solution.

If you have issues, and Bluehost suggest A RECORDs, then you can go to www.isnic.is and in “Web Forwarding” enter the IP Address provided from Bluehost for your server (ping your domain may reveal this) – this will make ISNIC’s Web Forwarding service act as DNS Provider for your domain. If you also have e-mail active for your domain make sure to enter the correct mail server name! If Bluehost is also your mail server host, then you just type in your domain name in the mail server field.