Hello Jeffry,
FWIW I'm not able to reproduce this using a BIND 9.9.1-P1 recursive resolver. On this system "dig @localhost vlasext.partners.extranet.microsoft.com a" returns the answer 70.42.230.20 and identifies dns11.one.microsoft.com (94.245.124.49) as one of four authoritative servers. "dig @94.245.124.49 vlasext.partners.extranet.microsoft.com a" also returns the answer 70.42.230.20, but no authority or additional records (except EDNS UDP 4000), and with no AA flag set. On the contrary querying one of my own authoritative servers, also running BIND 9.9.1-P1, for a record for which it is authoritative ("dig @ns2.countryday.net countryday.net a") does return the answer along with authority and additional records for the name servers and does have the AA flag set. Finally querying one of my internal Microsoft DNS servers (Windows Server 2008 R2 SP1) for a record for which it is authoritative gives me a correct answer, no authority or additional records (except EDNS UDP 4000), but does
have the AA flag set.
Thanks. At least I know an upgrade would fix the issue although I still
don't know what and where the problem is (Microsoft DNS reply? BIND?).
From what I observed I would conclude that dns11.one.microsoft.com is a
Windows DNS server since it behaves like mine except for the AA flag not being
set in theirs. The missing AA flag and lack of authority and additional records
in their response seems like improper behavior to me, but I don't know whether
or not the DNS protocol actually requires this. Apparently BIND 9.9.1-P1 is
able to handle this situation.
I kind of assumed Microsoft would have been running a Windows DNS for
their domains ;-)
Gabriele
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
