mail.protection.outlook.com queries to ns1-proddns.glbdns.o365filtering.com
Carl Byington
carl at byington.org
Fri Jul 1 17:24:44 UTC 2016
Those dns servers answer queries for A records, but return notimpl for
TLSA queries. And they don't understand edns.

    time dig _25._tcp.spe-sony-com.mail.protection.outlook.com tlsa @ns1-proddns.glbdns.o365filtering.com. +noedns

That runs in .1 or .2 seconds here, talking directly to their server.

    time dig _25._tcp.spe-sony-com.mail.protection.outlook.com tlsa

That takes between .9 and 1.5 seconds, talking to the local bind
9.10.4-P1 resolver. Looking at tcpdump output, the local resolver asks
all four servers for the answer twice, both times getting notimpl
results.

mail.protection.outlook.com has two NS records, but (at least as seen
from here) both names have the same four IPv4 addresses.

Is there something preventing an ip address merge to only send four
outgoing queries?