dnssec-lookaside != auto

Torinthiel torinthiel at data.pl
Tue Dec 28 21:18:33 UTC 2010


On 2010-12-28 09:26 Eivind Olsen wrote:


>> >> trying to resolve www.microsoft.com or microsoft.com results in a
>> >> "connection timed out; no servers could be reached"
>>     
> >
> >Well, for what it's worth - it's not just you having that issue. When
> >testing from home and from work I get the same.
> >
> >Of course, I could be doing something wrong, but whenever I see an error I
> >like to imagine it's somebody else's fault :D
> >
> >One of the nameservers for microsoft.com is ns1.msft.net with an IP
> >address of 65.55.37.62. For some reason the response I get from it is
> >truncated, and retrying using TCP doesn't work. Using EDNS0 also doesn't
> >seem to work, I get FORMERR back:
>   


[cut long listing of DNS tries]

Same here, I cannot reach this server with TCP or EDNS, nor get longer 
replies (all with dig), nor can bind resolve it locally (although it works 
with simple A query).
Confirmed, I can get TCP and EDNS replies from a.ns.se

Gentoo, bind version 9.7.2_p3, server located somewhere in France, in OVH 
network.



> >So, to recap: at the risk of showing what a fool I am by doing something
> >completely wrong here, I'm betting Microsoft has messed up their DNS - I
> >would have expected queries over TCP to work, and I would not have
> >expected EDNS to give a FORMERR (but ok, if a nameserver doesn't implement
> >EDNS, giving a FORMERR is apparently the right thing to do).
>   

Not being a bind expert myself (but having read and hopefully understood the 
RFCs) I have to agree with it. And, having other issues with Microsoft DNS 
server myself (although this could be the lameness of its admins as well), I 
don't have a hard time believing this.

Although, if it works when VM is duplicated but has no traffic, it looks 
like something else to me (maybe two completely different errors, but with 
similar appearance).

Torinthiel
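
The three probes discussed in this thread (plain UDP, UDP with EDNS0, TCP) can be reasoned about offline from the DNS header alone. The following is an added example, not part of the original message or of BIND: it builds wire-format queries with and without an OPT record and classifies the replies. The name `example.com`, the helper names and the constructed replies are assumptions made for illustration.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qtype=1, edns_size=None, qid=0x1234):
    """Wire-format query (RD set); edns_size adds an EDNS0 OPT pseudo-record."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)
    if edns_size:
        # root owner, TYPE 41 (OPT), CLASS = UDP payload size, TTL 0, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def parse_header(msg):
    """Return the header fields that matter for this diagnosis."""
    _, flags, _, ancount, _, _ = struct.unpack("!6H", msg[:12])
    return {"tc": bool(flags & 0x0200), "ancount": ancount,
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F))}

def diagnose(plain_udp, edns_udp, tcp):
    """Each argument is a raw response, or None if that probe got no reply."""
    findings = []
    truncated = plain_udp is not None and parse_header(plain_udp)["tc"]
    no_edns = edns_udp is None or parse_header(edns_udp)["rcode"] == "FORMERR"
    if truncated:
        findings.append("plain UDP answer truncated (TC=1)")
    if tcp is None:
        findings.append("no reply over TCP")
    if no_edns:
        findings.append("EDNS0 not usable")
    if truncated and tcp is None and no_edns:
        # Without EDNS0 the UDP limit is 512 bytes, and TCP is the only fallback.
        findings.append("answers over 512 bytes cannot be retrieved")
    return findings

def constructed_reply(query, tc=False, rcode=0):
    """Constructed sample: echo the query with QR set and the chosen TC/RCODE."""
    qid, flags = struct.unpack("!HH", query[:4])
    flags |= 0x8000 | (0x0200 if tc else 0) | rcode
    return struct.pack("!HH", qid, flags) + query[4:]

if __name__ == "__main__":
    q, qe = build_query("example.com"), build_query("example.com", edns_size=4096)
    print(diagnose(constructed_reply(q, tc=True), constructed_reply(qe, rcode=1), None))
```
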



