SERVFAIL with U.S Bank domains

Zero Trust 1.1.1.1
1

Hello,

Using Cloudflare resolvers (1.1.1.1 and Gateway) results in a SERVFAIL answer with U.S Bank domains.

(domains edited in output to meet new user restrictions)

Here's the output of querying the DNS servers

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> usbank.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21848
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;usbank IN A

;; Query time: 16 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Apr 27 13:52:03 PDT 2020
;; MSG SIZE rcvd: 39

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> usbank.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64267
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;usbank IN A

;; ANSWER SECTION:
usbank 1769 IN A 170.135.184.254
usbank 1769 IN A 170.135.223.254
usbank 1769 IN A 170.135.79.254

;; Query time: 24 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Apr 27 13:52:11 PDT 2020
;; MSG SIZE rcvd: 87

2

I got the same thing

3

Hi, sorry about that, we’re tracking this. The usbank.com nameservers have been unreachable from some places, I’ve sent an email to the domain owner. I’ll post an update here when I get a response.

2 Likes
4

They (US Bank) seem to be watching twitter so I pinged them there https://twitter.com/pallryan/status/1255205196201787397. Hopefully that gets them to respond to you quicker.

1 Like
5

Just an update - I received a response and their team is investigating.

1 Like
6

Thanks for the update!

7

Update as of 12:30 PM PST. Resolution for the domain seems to be working correctly again.

8

I just got an email that the issue was resolved, I can confirm it’s working now!

1 Like
9

I’ve been getting this error for the last 24 hours. Unable to access usbank.com on any device on network using 1.1.1.1. DNS details below.

https://community.cloudflare.com/u/activate-account/20d765827e0fec101f1915804ea19139

10

Hi, seems like the nameservers are unreachable again from some prefixes. I’ve sent an email.

11

Once again not working this morning

dig @1.1.1.1 usbank.com

; <<>> DiG 9.10.6 <<>> @1.1.1.1 usbank.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35570
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;usbank.com. IN A

;; Query time: 2484 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu May 28 07:25:09 PDT 2020
;; MSG SIZE rcvd: 39

12

This is ridiculous. What’s wrong US Bank? I shouldn’t have to hit a VPN every time I want to see my bank balance.

Makes me wonder what other kids of fingerprinting / port scanning they’re up to or if it’s just sloppy tech on their part.

Either way it’s making me seriously consider future plans with U.S. Bank!

13

I didn’t get any response yet, I’ll try to reach out again, sorry.

1 Like
14

Confirmed issue with us (our clients) too. CF’s San Jose DC currently has proper data, but their resolvers in/around the SIX have incorrect data.

15

Just an update - I’ve received a response from usbank.com that they’re investigating, it looks like a localized problem in WA/CA with some of their Internet providers.