Preformatted textThere seems to be global issue for many users within Germany. The users with **cloudflare DNS 1.1.1.1** cannot resolve "webex.com" domain and use Webex App. After the change to local DNS or google DNS everything works ok.
1 Like
Hi! Can you post any more details? I see some query flows being truncated, but generally things should be working.
1 Like
Hi! Thanks for your answer. Yes, the problem is related to the truncation of DNS response. Some of the clients can’t make the DNS query via TCP afterwards. We are checking if there aren’t any local FW rules blocking it. Although we know how to solve it, it would be also good to know why the size of the DNS response is bigger and truncated now? Was there any feature activated on Cloudflare side recently? We started to have these issues since 16.5.
I will rephrase my question. Although it should be working via TCP, why is the Cloudflare the only DNS, where the Truncation bit is set(size of the response seems to be bigger) for webex domain.
Thanks for responding! In addition to oversize answers, the TC is used to force clients clients to retry and thus prove that the source address is not spoofed. It usually isn’t necessary unless there’s a detected attack traffic on query flows between the source network and Cloudflare, which seems to be the case here. TCP support is required since RFC7766, however unless this is blocked by a local FW, it’s possible the CPE or the client doesn’t support it. If that’s the case, can you share what the software/CPE model is to see if we can work with the manufacturer to fix it?
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.