Re: Getting a formerr 'invalid response' for winqual.microsoft.com. but dig +trace works.

David Miller Wed, 08 Feb 2012 20:06:18 -0800

On 2/8/2012 10:32 PM, Matt Doughty wrote:

I have spend the afternoon trying to figure this out. The response I
get back from their nameserver looks fine to me, and dig +trace works
fine, but a regular dig returns a servfail. I have looked at the code
for invalid response, but I don't quite follow what is going on there,
and the comment 'responder is insane' leaves something to be desired.
Any help would be appreciated here. I have included the dig +trace
output below:


dig +trace winqual.partners.extranet.microsoft.com.

;<<>>  DiG 9.7.0-P1<<>>  +trace winqual.partners.extranet.microsoft.com.
;; global options: +cmd
.                       518004  IN      NS      j.root-servers.net.
.                       518004  IN      NS      e.root-servers.net.
.                       518004  IN      NS      l.root-servers.net.
.                       518004  IN      NS      c.root-servers.net.
.                       518004  IN      NS      m.root-servers.net.
.                       518004  IN      NS      d.root-servers.net.
.                       518004  IN      NS      b.root-servers.net.
.                       518004  IN      NS      h.root-servers.net.
.                       518004  IN      NS      k.root-servers.net.
.                       518004  IN      NS      a.root-servers.net.
.                       518004  IN      NS      g.root-servers.net.
.                       518004  IN      NS      i.root-servers.net.
.                       518004  IN      NS      f.root-servers.net.
;; Received 228 bytes from 172.16.255.1#53(172.16.255.1) in 1 ms

com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
;; Received 497 bytes from 192.33.4.12#53(c.root-servers.net) in 18 ms

microsoft.com.          172800  IN      NS      ns3.msft.net.
microsoft.com.          172800  IN      NS      ns1.msft.net.
microsoft.com.          172800  IN      NS      ns5.msft.net.
microsoft.com.          172800  IN      NS      ns2.msft.net.
microsoft.com.          172800  IN      NS      ns4.msft.net.
;; Received 235 bytes from 192.43.172.30#53(i.gtld-servers.net) in 67 ms

partners.extranet.microsoft.com. 3600 IN NS     dns10.one.microsoft.com.
partners.extranet.microsoft.com. 3600 IN NS     dns13.one.microsoft.com.
partners.extranet.microsoft.com. 3600 IN NS     dns11.one.microsoft.com.
partners.extranet.microsoft.com. 3600 IN NS     dns12.one.microsoft.com.
;; Received 236 bytes from 64.4.59.173#53(ns2.msft.net) in 3 ms

winqual.partners.extranet.microsoft.com. 10 IN A 131.107.97.31
;; Received 112 bytes from 131.107.125.65#53(dns10.one.microsoft.com) in 23 ms

If I just dig at their servers for NS, I get a trunc and retry over TCPthat times out.

If I signal a bufsize, I get back a 777 byte response with NS that don'tmatch the parent and an additional full of private 10/8 addresses

# dig +norecurse +bufsize=1024 ns partners.extranet.microsoft.com@dns10.one.microsoft.com.

; <<>> DiG 9.8.1 <<>> +norecurse +bufsize=1024 nspartners.extranet.microsoft.com @dns10.one.microsoft.com.

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10678
;; flags: qr ra; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 17

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;partners.extranet.microsoft.com. IN    NS

;; ANSWER SECTION:

partners.extranet.microsoft.com. 1076 IN NStk5-ptnr-dc-02.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NSkaw-ptnr-dc-02.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NSco2-ptnr-dc-02.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NSco2-ptnr-dc-01.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NStk5-ptnr-dc-01.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NSdb3-ptnr-dc-02.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NSdb3-ptnr-dc-01.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NStk5-ptnr-dc-03.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NSsin-ptnr-dc-03.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NSrno-ptnr-dc-01.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NSph1-ptnr-dc-02.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NSph1-ptnr-dc-01.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NSsin-ptnr-dc-02.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NSsinxtdnsz01.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NStk5-ptnr-dc-05.partners.extranet.microsoft.com.partners.extranet.microsoft.com. 1076 IN NSkaw-ptnr-dc-03.partners.extranet.microsoft.com.


;; ADDITIONAL SECTION:
tk5-ptnr-dc-02.partners.extranet.microsoft.com. 65 IN A 10.251.51.102
kaw-ptnr-dc-02.partners.extranet.microsoft.com. 3564 IN A 10.251.162.20
co2-ptnr-dc-02.partners.extranet.microsoft.com. 3196 IN A 10.251.152.89
co2-ptnr-dc-01.partners.extranet.microsoft.com. 2092 IN A 10.251.152.173
tk5-ptnr-dc-01.partners.extranet.microsoft.com. 2307 IN A 10.251.51.13
db3-ptnr-dc-02.partners.extranet.microsoft.com. 2887 IN A 10.251.138.59
db3-ptnr-dc-01.partners.extranet.microsoft.com. 2518 IN A 10.251.138.15
tk5-ptnr-dc-03.partners.extranet.microsoft.com. 1925 IN A 10.251.52.124
sin-ptnr-dc-03.partners.extranet.microsoft.com. 3109 IN A 10.251.168.67
rno-ptnr-dc-01.partners.extranet.microsoft.com. 2498 IN A 10.251.64.113
ph1-ptnr-dc-02.partners.extranet.microsoft.com. 2552 IN A 10.251.26.12
ph1-ptnr-dc-01.partners.extranet.microsoft.com. 3357 IN A 10.251.26.11
sin-ptnr-dc-02.partners.extranet.microsoft.com. 2897 IN A 10.251.169.47
sinxtdnsz01.partners.extranet.microsoft.com. 897 IN A 10.251.168.142
tk5-ptnr-dc-05.partners.extranet.microsoft.com. 3234 IN A 10.251.52.143
kaw-ptnr-dc-03.partners.extranet.microsoft.com. 1140 IN A 10.251.162.193

;; Query time: 70 msec
;; SERVER: 131.107.125.65#53(131.107.125.65)
;; WHEN: Thu Feb  9 04:03:26 2012
;; MSG SIZE  rcvd: 777

-DMM

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Getting a formerr 'invalid response' for winqual.microsoft.com. but dig +trace works.

Reply via email to