[dns-operations] SOA-less (uncacheable) NODATA from `protection.outlook.com` nameservers
The nameservers for both `protection.outlook.com` and `olc.protection.outlook.com` are: ns[12]-gtm.glbdns.o365filtering.com They return uncacheable NODATA responses with no SOA [RFC2308 Sec. 5]. Any IPv6 client that asks for the records of various "olc" hosts will therefore elicit uncacheable answers: $ ns=ns2-gtm.glbdns.o365filtering.com $ qname=hotmail-com.olc.protection.outlook.com. $ qtype= $ dig +norecur +nocmd -t $qtype $qname @$ns ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21255 ;; flags: qr aa ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;hotmail-com.olc.protection.outlook.com.IN ;; Query time: 14 msec ;; SERVER: 104.47.38.8#53(104.47.38.8) ;; WHEN: Fri Oct 21 14:32:47 EDT 2022 ;; MSG SIZE rcvd: 67 This seems suboptimal to me. Is anyone at Microsoft in a position to append addressing this (mis)behaviour to the list of future improvements? Note that the host in question is the MX host for hotmail.com, for which queries would be quite common, given the billions of email messages a day handled by hotmail.com and outlook.com (same symptoms). -- Viktor. [ Cross-posted on OARC Mattermost "Town Hall" forum ] ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] What's going on at Microsoft?
> On 21 Oct 2022, at 09:51, Stephane Bortzmeyer wrote: > > On Fri, Oct 21, 2022 at 08:49:16AM +0200, > Borja Marcos wrote > a message of 41 lines which said: > >> Right now I have quite a lot of pollution on my recursive error logs due to >> two Microsoft operated domains: >> >> microsoftdnstest.net >> msedge.net > > For microsoftdnstest.net, the two name servers do reply but they reply > SERVFAIL (and, unfortunately, without EDE). > > msedge.net works fine for me. (But of course, names like > t-ring-fallback.msedge.net which redirect to microsoftdnstest.net are > not useful.) Yes, for some reason I have some customers querying those like crazy. Ah didn’t notice that t-ring… is a CNAME. Anyway hope someone from MS can jump in! Thanks :) Borja. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] What's going on at Microsoft?
On Fri, Oct 21, 2022 at 08:49:16AM +0200, Borja Marcos wrote a message of 41 lines which said: > Right now I have quite a lot of pollution on my recursive error logs due to > two Microsoft operated domains: > > microsoftdnstest.net > msedge.net For microsoftdnstest.net, the two name servers do reply but they reply SERVFAIL (and, unfortunately, without EDE). msedge.net works fine for me. (But of course, names like t-ring-fallback.msedge.net which redirect to microsoftdnstest.net are not useful.) ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
[dns-operations] What's going on at Microsoft?
Hi, Right now I have quite a lot of pollution on my recursive error logs due to two Microsoft operated domains: microsoftdnstest.net msedge.net The errors begun on October 17th. And I get the same SERVFAILs querying public recursive DNS services such as Google, Quad9, etc. Is there anyone from Microsoft here? I see both domains are broken according to dnsviz.net. Thanks, Borja Marcos. Sarenet ASN3262 P.S: The offending queries are: www.microsoftdnstest.net ns1.microsoftdnstest.net ns2.microsoftdnstest.net t-ring-fallback.msedge.net t-s2-ring.msedge.net t-ring-fallbacks2.msedge.net t-ring-fallbacks1.msedge.net ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations