Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
Ok--I see what's up now! This has been one of the stranger DNS setups I've ever seen: different NS records pointing to overlapping sets of IP addresses, EDNS disabled, really short TTLs on both NS and A records. Even though you're not querying at the name listed in the NS records, it's usually

Re: Nsupdate usage scenario

2016-05-04 Thread Alan Clegg
On 5/4/16, 4:27 PM, "/dev/rob0" wrote: >My personal recommendation: get over the idea of looking at zone >files; use "dig axfr example.com. | less". Let named manage and >serve the DNS data as it will. Comments can be included as

Re: Nsupdate usage scenario

2016-05-04 Thread /dev/rob0
On Wed, May 04, 2016 at 03:17:38PM -0400, Paul Kosinski wrote: > Interesting idea -- it never occurred to me that I could have > separate zone files for sub-domains. Every zone is a subzone of its parent zone. > So, if I had a tiny zone file for "dynamic.example.com" alone, and > a bigger zone

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread Rob Heilman
What is the typo? I ran it three times. The first time gave me the “couldn’t get address” error. The second I got the FORMERR, the third worked when I added +noedns. -rh > On May 4, 2016, at 3:57 PM, John Miller wrote: > > On Wed, May 4, 2016 at 3:23 PM, Rob

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
On Wed, May 4, 2016 at 3:57 PM, John Miller wrote: > On Wed, May 4, 2016 at 3:23 PM, Rob Heilman wrote: >> Could it be that the “adberr:2” logs entries are indicating that it >> periodically can’t find the name servers? >> >> -Rob Heilman >> >> >>

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
On Wed, May 4, 2016 at 3:23 PM, Rob Heilman wrote: > Could it be that the “adberr:2” logs entries are indicating that it > periodically can’t find the name servers? > > -Rob Heilman > > > > # dig zulily-com.mail.protection.outlook.com. >

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread Rob Heilman
Could it be that the “adberr:2” logs entries are indicating that it periodically can’t find the name servers? -Rob Heilman # dig zulily-com.mail.protection.outlook.com. @ns1-prodeodns.glbdns.o365filtering.com. dig: couldn't get address for 'ns1-prodeodns.glbdns.o365filtering.com.': failure

Re: Nsupdate usage scenario

2016-05-04 Thread Paul Kosinski
Interesting idea -- it never occurred to me that I could have separate zone files for sub-domains. So, if I had a tiny zone file for "dynamic.example.com" alone, and a bigger zone file for all the other stuff for "example.com", could I be *sure* that nsupdate would *only* modify the tiny file,

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John Miller
> > dig mail.protection.outlook.com. ns > @ns1-proddns.glbdns.o365filtering.com. +noedns > ;; ANSWER SECTION: > mail.protection.outlook.com. 10 IN NS > ns1-proddns.glbdns.o365filtering.com. > mail.protection.outlook.com. 10 IN NS > ns2-proddns.glbdns.o365filtering.com. > > > > Note the short TTL

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2016-05-04 at 14:02 -0400, Rob Heilman wrote: > query failed (SERVFAIL) for zulily- > com.mail.protection.outlook.com/IN/A ;; ANSWER SECTION: zulily-com.mail.protection.outlook.com. 10 IN A 207.46.163.170

RE: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread John W. Blue
I ran several digs using: dig @ns1-prodeodns.glbdns.o365filtering.com. A zulily-com.mail.protection.outlook.com. +short​ without error. As mentioned previously by Mark Andrews: > SERVFAIL usually means that the server is configured for the zone > but doesn't have a current copy. You gave

Re: Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread Stephane Bortzmeyer
On Wed, May 04, 2016 at 02:02:24PM -0400, Rob Heilman wrote a message of 305 lines which said: > We run BIND 9.9.5-9 on Debian x86_64 to support a moderately sized > email hosting system. System info listed at the end of this > message. We are seeing intermittent but

Intermittent Issues Resolving Microsoft Hostnames

2016-05-04 Thread Rob Heilman
We run BIND 9.9.5-9 on Debian x86_64 to support a moderately sized email hosting system. System info listed at the end of this message. We are seeing intermittent but frequent issues resolving Microsoft records. The hostnames are usually in the form of *.mail.protection.outlook.com

Re: Monitor DNS queries toward Root severs

2016-05-04 Thread Stephane Bortzmeyer
On Wed, May 04, 2016 at 07:03:13PM +1000, Mark Andrews wrote a message of 15 lines which said: > fill in with the rest of the root servers names. And if you don't like to type, or if you use another root: sudo tcpdump -n -i ${INTERFACE} port 53 and \( $(for ns in $(dig

Re: Monitor DNS queries toward Root severs

2016-05-04 Thread Mark Andrews
tcpdump -n \( host a.root-servers.net or host b.root-servers.net \) and dst port 53 fill in with the rest of the root servers names. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: Monitor DNS queries toward Root severs

2016-05-04 Thread Jaap Akkerhuis
Daniel Dawalibi writes: > > Hello > > > > Is there any tool or configuration that allows us to monitor/graph the > number of outbound DNS queries toward the Root servers? http://dnstop.measurement-factory.com/ jaap ___ Please

Monitor DNS queries toward Root severs

2016-05-04 Thread Daniel Dawalibi
Hello Is there any tool or configuration that allows us to monitor/graph the number of outbound DNS queries toward the Root servers? As you can see in the below examples the first query answered by M root then F root in the second query. ; <<>> DiG 9.7.0-P1 <<>> www.cnn.com +trace ;;