dnssec-lookaside != auto
Torinthiel
torinthiel at data.pl
Tue Dec 28 21:18:33 UTC 2010
Dnia 2010-12-28 09:26 Eivind Olsen napisał(a):
>> >> trying to resolve www.microsoft.com or microsoft.com results in a
>> >> "connection timed out; no servers could be reached"
>>
> >
> >Well, for what it's worth - it's not just you having that issue. When
> >testing from home and from work I get the same.
> >
> >Of course, I could be doing something wrong, but whenever I see an error I
> >like to imagine it's somebody elses fault :D
> >
> >One of the nameservers for microsoft.com is ns1.msft.net with an IP
> >address of 65.55.37.62. For some reason the response I get from it is
> >truncated, and retrying using TCP doesn't work. Using EDNS0 also doesn't
> >seem to work, I get FORMERR back:
>
[cut long listing of DNS tries]
Same here, I cannot reach this server with TCP or EDNS, nor get longer
replies (al with dig), nor can bind resolve it locally (although it works
with simple A query)
Confirmed, I can get TCP and EDNS replies from a.ns.se
Gentoo, bind version 9.7.2_p3, server located somewhere in France, in OVH
network.
> >So, to recap: at the risk of showing what a fool I am by doing something
> >completely wrong here, I'm betting Microsoft has messed up their DNS - I
> >would have expected queries over TCP to work, and I would not have
> >expected EDNS to give a FORMERR (but ok, if a nameserver doesn't implement
> >EDNS, giving a FORMERR is apparantly the right thing to do).
>
Not being a bind expert myself (but having read and hopefully understood the
RFC's) I have to agree with it. And, having other issues with Microsoft DNS
server myself (althoug this could be the lameness of it's admins as well), I
don't have a hard time believing this.
Although, if it works when VM is duplicated but has no traffic, it looks
like something else to me (maybe two completely different errors, but with
similar apperance)
Torinthiel
More information about the bind-users
mailing list