*.is-cf.cloudflareresolve.com is not a valid DNSSEC zone


#1

https://1.1.1.1/help reflects incorrect information if you use 1.1.1.1 via a validating stub resolver because *.is-cf.cloudflareresolve.com is not a valid DNSSEC zone, causing a local SERVFAIL.

With local validation enabled:

$ dig @127.0.0.1 7fe8e839-5b5f-4df3-a6ec-be860de75dfd.is-cf.cloudflareresolve.com +dnssec

; <<>> DiG 9.10.6 <<>> @127.0.0.1 7fe8e839-5b5f-4df3-a6ec-be860de75dfd.is-cf.cloudflareresolve.com +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24904
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;7fe8e839-5b5f-4df3-a6ec-be860de75dfd.is-cf.cloudflareresolve.com. IN A

;; Query time: 253 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 27 02:02:55 AEDT 2019
;; MSG SIZE  rcvd: 82

With local validation disabled:

$ dig @127.0.0.1 7fe8e839-5b5f-4df3-a6ec-be860de75dfe.is-cf.cloudflareresolve.com +dnssec

; <<>> DiG 9.10.6 <<>> @127.0.0.1 7fe8e839-5b5f-4df3-a6ec-be860de75dfe.is-cf.cloudflareresolve.com +dnssec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43371
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1452
;; QUESTION SECTION:
;7fe8e839-5b5f-4df3-a6ec-be860de75dfe.is-cf.cloudflareresolve.com. IN A

;; ANSWER SECTION:
7fe8e839-5b5f-4df3-a6ec-be860de75dfe.is-cf.cloudflareresolve.com. 0 IN CNAME is-cf.cloudflareresolve.com.cdn.cloudflare.net.
is-cf.cloudflareresolve.com.cdn.cloudflare.net.	109 IN A 104.16.225.45
is-cf.cloudflareresolve.com.cdn.cloudflare.net.	109 IN A 104.16.224.45
is-cf.cloudflareresolve.com.cdn.cloudflare.net.	109 IN RRSIG A 13 6 300 20190227160110 20190225140110 34505 cloudflare.net. VbZf7w1m5lbmkcOw8KnwXe6I82UdduYsOk4Yi5p3deZ7A8pm4BVtyLSf 3uw/TsjWR4sH0FDezNhvKpCCI61vKA==

;; Query time: 200 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 27 02:04:21 AEDT 2019
;; MSG SIZE  rcvd: 497