bind 9.7.2-P3 does not resolve www.microsoft.com

Tue Dec 28 08:26:23 UTC 2010

> trying to resolve www.microsoft.com or microsoft.com results in a
> "connection timed out; no servers could be reached"

Well, for what it's worth - it's not just you having that issue. When
testing from home and from work I get the same.

Of course, I could be doing something wrong, but whenever I see an error I
like to imagine it's somebody elses fault :D

One of the nameservers for microsoft.com is ns1.msft.net with an IP
address of 65.55.37.62. For some reason the response I get from it is
truncated, and retrying using TCP doesn't work. Using EDNS0 also doesn't
seem to work, I get FORMERR back:

[eivind at vimes ~]$ /usr/local/bin/dig any microsoft.com @65.55.37.62
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.7.2-P2 <<>> any microsoft.com @65.55.37.62
;; global options: +cmd
;; connection timed out; no servers could be reached
[eivind at vimes ~]$ /usr/local/bin/dig +edns=0 any microsoft.com @65.55.37.62

; <<>> DiG 9.7.2-P2 <<>> +edns=0 any microsoft.com @65.55.37.62
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 6660
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;microsoft.com.                 IN      ANY

;; Query time: 205 msec
;; SERVER: 65.55.37.62#53(65.55.37.62)
;; WHEN: Tue Dec 28 09:10:55 2010
;; MSG SIZE  rcvd: 42

[eivind at vimes ~]$

Doing queries that give shorter answers work fine - look at these, notice
the big (but still small enough) TXT reply, and then see how it fails on a
query for "any":

[eivind at vimes ~]$ /usr/local/bin/dig +short any www.microsoft.com
@65.55.37.62
toggle.www.ms.akadns.net.
[eivind at vimes ~]$ /usr/local/bin/dig +short mx www.microsoft.com @65.55.37.62
toggle.www.ms.akadns.net.
[eivind at vimes ~]$ /usr/local/bin/dig +short mx microsoft.com @65.55.37.62
10 mail.messaging.microsoft.com.
[eivind at vimes ~]$ /usr/local/bin/dig +short txt microsoft.com @65.55.37.62
"v=spf1 mx include:_spf-a.microsoft.com include:_spf-b.microsoft.com
include:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com
ip4:131.107.115.212 ip4:131.107.115.215 ip4:131.107.115.214
ip4:205.248.106.64 ip4:205.248.106.30 ip4:205.248.106.32 ~all"
"FbUF6DbkE+Aw1/wi9xgDi8KVrIIZus5v8L6tbIQZkGrQ/rVQKJi8CjQbBtWtE64ey4NJJwj5J65PIggVYNabdQ=="
[eivind at vimes ~]$ /usr/local/bin/dig +short any microsoft.com @65.55.37.62
;; Truncated, retrying in TCP mode.
;; connection timed out; no servers could be reached
[eivind at vimes ~]$

And in general, I don't have problems with EDNS0 or using TCP to look up
other domains with big replies, for example I can use both both of these
commands just fine:

/usr/local/bin/dig +edns=0 any se. @a.ns.se
/usr/local/bin/dig +vc any se. @a.ns.se

So, to recap: at the risk of showing what a fool I am by doing something
completely wrong here, I'm betting Microsoft has messed up their DNS - I
would have expected queries over TCP to work, and I would not have
expected EDNS to give a FORMERR (but ok, if a nameserver doesn't implement
EDNS, giving a FORMERR is apparantly the right thing to do).