expedia.msn.com does not resolve

Kevin Darcy kcd at daimlerchrysler.com
Thu Aug 16 01:31:34 UTC 2001


Barry Margolin wrote:

> In article <9lf00c$2ah at pub3.rc.vix.com>,
> Brad Knowles  <brad.knowles at skynet.be> wrote:
> >
> >At 6:20 PM -0400 8/15/01, Kevin Darcy wrote:
> >
> >>  (It seems I was overly preoccupied trying to tie together this poster's
> >>  problem with the microsoft.com mail problem I had yesterday...)
> >
> >       The thing I find so amusing is that Microsoft apparently blocks
> >TCP port 53 queries to at least some of their nameservers (if not all
> >of them).  First, they had only two nameservers, and they were taken
> >down by the simplest of DoS attacks.  Now they compound their
> >stupidity of having *twelve* nameservers (which virtually guarantees
> >UDP truncation in many cases), by refusing TCP port 53 queries.
>
> I don't think you're supposed to set the truncated flag if the overflow is
> due to records in the Additional Records section.  And since all the
> servers are in the msft.net domain, DNS's compression mechanism allows
> most answers to fit in a UDP packet.
>
> It also looks like the msft.net servers don't fill in the Authority section
> of their responses, which keeps these responses from being truncated.  I
> suspect that the OP's problem is that his internal nameserver is configured
> to forward to a BIND nameserver outside the firewall.  That nameserver
> fills in the Authority section, which causes overflow and truncation, and
> then the firewall blocks the TCP retry.

Right. Querying through my BIND server resulted in a response packet of over 700
bytes (and the aforementioned 5-second delay).


- Kevin

> % dig expedia.msn.com a @DNS2.CP.MSFT.NET
>
> ; <<>> DiG 8.3 <<>> expedia.msn.com a @DNS2.CP.MSFT.NET
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      expedia.msn.com, type = A, class = IN
>
> ;; ANSWER SECTION:
> expedia.msn.com.        1H IN CNAME     expedia.com.
> expedia.com.            1H IN A         207.46.184.30
> expedia.com.            1H IN A         207.46.184.65
> expedia.com.            1H IN A         207.46.184.70
> expedia.com.            1H IN A         207.46.184.75
> expedia.com.            1H IN A         207.46.184.88
> expedia.com.            1H IN A         207.46.184.120
> expedia.com.            1H IN A         207.46.184.125
> expedia.com.            1H IN A         207.46.184.15
> expedia.com.            1H IN A         207.46.184.155
> expedia.com.            1H IN A         207.46.184.165
> expedia.com.            1H IN A         207.46.184.175
> expedia.com.            1H IN A         207.46.184.220
> expedia.com.            1H IN A         207.46.184.25
>
> ;; Total query time: 115 msec
> ;; FROM: tools.genuity.com to SERVER: DNS2.CP.MSFT.NET  207.46.138.21
> ;; WHEN: Wed Aug 15 20:44:39 2001
> ;; MSG SIZE  sent: 33  rcvd: 263
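
The size arithmetic behind this thread, as an added example that is not part of the original messages: it encodes the reply shown in the dig output with RFC 1035 name compression, then appends an Authority section of twelve NS records to show the reply crossing the 512-byte UDP limit. The NS names are constructed placeholders and the expedia.com owner of the NS set is an assumption, so the larger size is illustrative only.

```python
import struct

UDP_LIMIT = 512                                   # classic DNS-over-UDP payload limit (RFC 1035)
A, NS, CNAME, ANSWER, AUTHORITY = 1, 2, 5, 1, 2   # RR type codes; header count slots

class Message:  # minimal DNS response encoder with RFC 1035 name compression
    def __init__(self, qname):
        self.body, self.seen, self.counts = b"", {}, [1, 0, 0, 0]
        self.body += self._name(qname) + struct.pack("!HH", A, 1)

    def _name(self, fqdn, skip=0):  # skip = RR fixed-field bytes written before this name
        at, out = 12 + len(self.body) + skip, b""
        labels = fqdn.lower().rstrip(".").split(".")
        for i, label in enumerate(labels):
            suffix = ".".join(labels[i:])
            if suffix in self.seen:   # reuse an earlier occurrence via a 2-byte pointer
                return out + struct.pack("!H", 0xC000 | self.seen[suffix])
            self.seen[suffix] = at + len(out)
            out += bytes([len(label)]) + label.encode()
        return out + b"\0"

    def rr(self, section, owner, rtype, rdata, ttl=3600):
        self.body += self._name(owner)
        if isinstance(rdata, str):    # CNAME/NS target: a compressible domain name
            rdata = self._name(rdata, skip=10)
        self.body += struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
        self.counts[section] += 1

    def wire(self, msg_id=6, flags=0x8500):   # flags: qr aa rd, as in the dig output
        return struct.pack("!HH4H", msg_id, flags, *self.counts) + self.body

def authoritative_reply():  # the reply in the dig output: 14 answers, empty Authority
    m = Message("expedia.msn.com")
    m.rr(ANSWER, "expedia.msn.com", CNAME, "expedia.com")
    for o in (30, 65, 70, 75, 88, 120, 125, 15, 155, 165, 175, 220, 25):
        m.rr(ANSWER, "expedia.com", A, bytes([207, 46, 184, o]))
    return m

def forwarder_reply(ns_names):  # same answers plus an NS set in Authority (assumed owner)
    m = authoritative_reply()
    for ns in ns_names:
        m.rr(AUTHORITY, "expedia.com", NS, ns)
    return m

def needs_tcp(m):  # over 512 bytes: the server sets TC and the resolver retries on TCP/53
    return len(m.wire()) > UDP_LIMIT

# Constructed placeholder names, NOT the real msft.net servers
PLACEHOLDER_NS = [f"ns-example-{i:02d}.msft.net" for i in range(1, 13)]
```

The first message comes out at the 263 bytes dig reports; any reply that `needs_tcp` flags only resolves if TCP port 53 is permitted through the firewall in both directions.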




