Unspecified error DNS query
Darcy Kevin (FCA)
kevin.darcy at fcagroup.com
Fri Oct 7 16:20:11 UTC 2016
There's nothing particularly unusual about the "retrying in TCP mode" message - as Mark explained, that happens whenever the packet size is big and EDNS0 is not being used.
I looked up this name from an internal Windows 7 box through a BIND-based forwarder (in North America), and it resolves fine:
Non-authoritative answer:
Name: live-namnorth.office365.com
Addresses: 40.97.169.162
132.245.46.34
132.245.22.146
132.245.37.130
40.96.7.114
132.245.250.130
132.245.71.178
132.245.75.18
132.245.59.114
40.97.144.50
Aliases: outlook.live.com
edge-live.outlook.office.com
outlook-live-com.a-0010.a-msedge.net
ipv4.outlook.com
outlook.live.com.glbdns2.microsoft.com
C:\Windows\System32>
Like your response, there are 5 CNAMEs and 10 A records.
So, I would say either something is wrong with your client build, or there's a middlebox somewhere that's messing with the packets, possibly because it doesn't know how the TCP flavor of DNS works. Time to take a packet capture and see what's really going on.
- Kevin
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Daniel Dawalibi
Sent: Friday, October 07, 2016 8:01 AM
To: bind-users at lists.isc.org
Subject: Unspecified error DNS query
Hello
We are getting "Unspecified error" when querying our DNS server (Query: outlook.live.com) from a PC communicating with our DNS.
We tried to perform the same query from the DNS itself (local host) and we found that the Dig output is showing with the following message "Truncated, retrying in TCP mode".
We also observed that the message size of the requested query "outlook.live.com" increased recently from MSG SIZE 221 to 770.
Can you please help why we are getting this error (client side) and why the TCP mode is shown in the dig output since other queries do not show TCP mode in their output?
[root at DNS1 dan]# dig outlook.live.com
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> outlook.live.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45725
;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 7, ADDITIONAL: 11
;; QUESTION SECTION:
;outlook.live.com. IN A
;; ANSWER SECTION:
outlook.live.com. 881 IN CNAME edge-live.outlook.office.com.
edge-live.outlook.office.com. 280 IN CNAME outlook-live-com.a-0010.a-msedge.net.
outlook-live-com.a-0010.a-msedge.net. 160 IN CNAME ipv4.outlook.com.
ipv4.outlook.com. 126 IN CNAME outlook.live.com.glbdns2.microsoft.com.
outlook.live.com.glbdns2.microsoft.com. 280 IN CNAME live-emeaeast3.office365.com.
live-emeaeast3.office365.com. 294 IN A 40.101.44.178
live-emeaeast3.office365.com. 294 IN A 134.170.68.82
live-emeaeast3.office365.com. 294 IN A 40.101.28.178
live-emeaeast3.office365.com. 294 IN A 40.101.1.82
live-emeaeast3.office365.com. 294 IN A 132.245.79.242
live-emeaeast3.office365.com. 294 IN A 40.96.21.34
live-emeaeast3.office365.com. 294 IN A 40.101.9.2
live-emeaeast3.office365.com. 294 IN A 40.101.60.2
live-emeaeast3.office365.com. 294 IN A 40.96.21.50
live-emeaeast3.office365.com. 294 IN A 132.245.194.242
;; AUTHORITY SECTION:
office365.com. 170080 IN NS ns2.msft.net.
office365.com. 170080 IN NS ns1a.o365filtering.com.
office365.com. 170080 IN NS ns3.msft.net.
office365.com. 170080 IN NS ns1.msft.net.
office365.com. 170080 IN NS ns4a.o365filtering.com.
office365.com. 170080 IN NS ns4.msft.net.
office365.com. 170080 IN NS ns2a.o365filtering.com.
;; ADDITIONAL SECTION:
ns1.msft.net. 289 IN A 208.84.0.53
ns2.msft.net. 170080 IN A 208.84.2.53
ns3.msft.net. 289 IN A 193.221.113.53
ns4.msft.net. 170080 IN A 208.76.45.53
ns1a.o365filtering.com. 311 IN A 157.56.110.11
ns2a.o365filtering.com. 311 IN A 157.56.116.52
ns4a.o365filtering.com. 311 IN A 157.55.133.11
ns1.msft.net. 289 IN AAAA 2620:0:30::53
ns2.msft.net. 170080 IN AAAA 2620:0:32::53
ns3.msft.net. 289 IN AAAA 2620:0:34::53
ns4.msft.net. 170080 IN AAAA 2620:0:37::53
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 7 07:57:41 2016
;; MSG SIZE rcvd: 770
Regards
Daniel
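
Added example, not part of the original thread: a Python sketch of the mechanics discussed above, showing why a 770-byte answer is truncated over UDP when the query carries no EDNS0 OPT record, how the TC flag signals it, and the 2-byte length prefix that DNS over TCP adds (the part a middlebox has to understand). The function names and the 4096-byte EDNS0 buffer size are assumptions chosen for illustration; the sizes 221 and 770 and the query id come from the dig output in the thread.

```python
import struct

UDP_LIMIT = 512   # DNS-over-UDP payload limit when no EDNS0 OPT is sent (RFC 1035)
TC_BIT = 0x0200   # "truncated" flag in the DNS header
OPT_TYPE = 41     # EDNS0 pseudo-record type (RFC 6891)

def build_query(name, qid, edns_bufsize=None):
    """Build an A query; append an EDNS0 OPT record if edns_bufsize is given."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_bufsize else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)       # QTYPE=A, QCLASS=IN
    if edns_bufsize:
        # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_bufsize, 0, 0)
    return msg

def advertised_udp_size(query):
    """UDP payload size the client will accept: 512 unless an OPT says more."""
    arcount = struct.unpack("!H", query[10:12])[0]
    pos = 12
    while query[pos]:                  # walk the QNAME labels
        pos += 1 + query[pos]
    pos += 1 + 4                       # terminating zero, QTYPE, QCLASS
    if arcount and query[pos] == 0:
        rtype, rclass = struct.unpack("!HH", query[pos + 1:pos + 5])
        if rtype == OPT_TYPE:
            return max(rclass, UDP_LIMIT)   # values below 512 are treated as 512
    return UDP_LIMIT

def server_must_truncate(full_response_size, query):
    """True if the full answer cannot fit in the UDP size the client advertised."""
    return full_response_size > advertised_udp_size(query)

def is_truncated(response):
    """True if the TC flag is set, i.e. the client should retry over TCP."""
    return bool(struct.unpack("!H", response[2:4])[0] & TC_BIT)

def tcp_frame(msg):
    """DNS over TCP prefixes every message with its length as 2 bytes."""
    return struct.pack("!H", len(msg)) + msg

def tcp_unframe(stream):
    """Extract one DNS message from a TCP byte stream, checking completeness."""
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) - 2 < length:
        raise ValueError("incomplete DNS message in TCP stream")
    return stream[2:2 + length]
```

In a packet capture, the same sequence appears as a UDP response with TC set, followed by a TCP connection to port 53 whose payload starts with the 2-byte length; a device that drops or mangles either step produces a client-side failure while small answers keep working.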