Those DNS servers answer queries for A records, but return notimpl for TLSA queries. And they don't understand EDNS.

    time dig _25._tcp.spe-sony-com.mail.protection.outlook.com tlsa @ns1-proddns.glbdns.o365filtering.com. +noedns

That runs in .1 or .2 seconds here, talking directly to their server.

    time dig _25._tcp.spe-sony-com.mail.protection.outlook.com tlsa

That takes between .9 and 1.5 seconds, talking to the local BIND 9.10.4-P1 resolver. Looking at tcpdump output, the local resolver asks all four servers for the answer twice, both times getting notimpl results.

mail.protection.outlook.com has two NS records, but (at least as seen from here) both names have the same four IPv4 addresses. Is there something preventing an IP address merge to only send four outgoing queries?
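The two dig invocations in the message differ on the wire only by the EDNS OPT record in the additional section. The following is an added example, not part of the original post: it builds both forms of the TLSA query and decodes the RCODE from a reply header. The function names, the 1232-byte UDP size and the sample reply bytes are assumptions constructed for illustration.

```python
import struct

TYPE_TLSA, TYPE_OPT = 52, 41  # TLSA (RFC 6698); OPT pseudo-RR carrying EDNS (RFC 6891)
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QNAME = "_25._tcp.spe-sony-com.mail.protection.outlook.com"  # name queried in the post

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=TYPE_TLSA, edns=True, qid=0x1234, udp_size=1232):
    """Return a wire-format query; edns=False omits the OPT record, like +noedns."""
    arcount = 1 if edns else 0
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # flags: RD set
    question = encode_name(name) + struct.pack("!HH", qtype, 1)     # class IN
    opt = b""
    if edns:
        # root owner, TYPE=OPT, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0)
    return header + question + opt

def parse_reply(reply, qid):
    """Return (rcode name, answer count) after checking the ID and the QR bit."""
    if len(reply) < 12:
        raise ValueError("short reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    code = flags & 0x000F
    return RCODES.get(code, "RCODE%d" % code), ancount

# Constructed sample reply (not captured traffic): QR set, RCODE 4, question echoed back.
SAMPLE_NOTIMP = (struct.pack("!HHHHHH", 0x1234, 0x8004, 1, 0, 0, 0)
                 + encode_name(QNAME) + struct.pack("!HH", TYPE_TLSA, 1))

if __name__ == "__main__":
    for edns in (True, False):
        q = build_query(QNAME, edns=edns)
        print("edns=%-5s bytes=%d arcount=%d" % (edns, len(q), q[11]))
    print(parse_reply(SAMPLE_NOTIMP, 0x1234))
```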