-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Gabriele,
On 6/22/12 11:22 AM, Gabriele Paggi wrote: > I'm a BIND novice and I'm trying to understand what causes my > BIND9 resolver (bind97-9.7.0-10.P2) to return an error when queried > for the A record of vlasext.partners.extranet.microsoft.com: > At Men & Mice I've investigated this issue a few weeks ago for one of our customers. At that point of time, we've seen NS records with private addresses: dig ns partners.extranet.microsoft.com. ; <<>> DiG 9.9.1 <<>> ns partners.extranet.microsoft.com. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53053 ;; flags: qr rd ra; QUERY: 1, ANSWER: 18, AUTHORITY: 0, ADDITIONAL: 19 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;partners.extranet.microsoft.com. IN NS ;; ANSWER SECTION: partners.extranet.microsoft.com. 2311 IN NS db3-ptnr-dc-01.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS tk5-ptnr-dc-02.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS by1-ptnr-dc-03.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS co2-ptnr-dc-02.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS co2-ptnr-dc-01.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS sinxtdnsz01.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS kaw-ptnr-dc-02.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS ph1-ptnr-dc-01.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS tk5-ptnr-dc-01.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS tk5-ptnr-dc-05.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS rno-ptnr-dc-01.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS tk5-ptnr-dc-03.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS sin-ptnr-dc-03.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS sin-ptnr-dc-02.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS by1-ptnr-dc-04.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS kaw-ptnr-dc-03.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS db3-ptnr-dc-02.partners.extranet.microsoft.com. partners.extranet.microsoft.com. 2311 IN NS ph1-ptnr-dc-02.partners.extranet.microsoft.com. ;; ADDITIONAL SECTION: db3-ptnr-dc-01.partners.extranet.microsoft.com. 1406 IN A 10.251.138.15 tk5-ptnr-dc-02.partners.extranet.microsoft.com. 26 IN A 10.251.51.102 by1-ptnr-dc-03.partners.extranet.microsoft.com. 3505 IN A 10.251.94.15 co2-ptnr-dc-02.partners.extranet.microsoft.com. 2941 IN A 10.251.152.89 co2-ptnr-dc-01.partners.extranet.microsoft.com. 2679 IN A 10.251.152.173 sinxtdnsz01.partners.extranet.microsoft.com. 171 IN A 10.251.168.142 kaw-ptnr-dc-02.partners.extranet.microsoft.com. 1101 IN A 10.251.162.20 ph1-ptnr-dc-01.partners.extranet.microsoft.com. 1417 IN A 10.251.26.11 tk5-ptnr-dc-01.partners.extranet.microsoft.com. 2872 IN A 10.251.51.13 tk5-ptnr-dc-05.partners.extranet.microsoft.com. 137 IN A 10.251.52.143 rno-ptnr-dc-01.partners.extranet.microsoft.com. 1375 IN A 10.251.64.113 tk5-ptnr-dc-03.partners.extranet.microsoft.com. 1564 IN A 10.251.52.124 sin-ptnr-dc-03.partners.extranet.microsoft.com. 882 IN A 10.251.168.67 sin-ptnr-dc-02.partners.extranet.microsoft.com. 505 IN A 10.251.169.47 by1-ptnr-dc-04.partners.extranet.microsoft.com. 2270 IN A 10.251.94.16 kaw-ptnr-dc-03.partners.extranet.microsoft.com. 3461 IN A 10.251.162.193 db3-ptnr-dc-02.partners.extranet.microsoft.com. 1690 IN A 10.251.138.59 ph1-ptnr-dc-02.partners.extranet.microsoft.com. 3018 IN A 10.251.26.12 ;; Query time: 1314 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed May 30 18:57:27 2012 ;; MSG SIZE rcvd: 867 The issue seem to differ from the point in the network you are sending the query, and if the resolving DNS server has only IPv4 or is dual-stack (IPv4 + IPv6). It seems that the resolution is sometimes broken, but we have not found the root cause of the issue. This forward zone proved to be an (ugly, but working) workaround: zone "partners.extranet.microsoft.com" IN { type forward; forwarders { 131.107.125.65; 94.245.124.49; 207.46.55.10; 65.55.31.17; }; }; We've also informed Microsoft about the issue. Best regards Carsten Strotmann -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/le38ACgkQsUJ3c+pomYEwDACgit4MdoFl4rfSCcapx1NMr9cB 1bUAn1QNRM2Gw//EsLYnH1jw1g25IvFl =hB+P -----END PGP SIGNATURE----- _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users