host isn't really designed for DNS debugging, beyond telling you what
your resolver chain knows about the record you're asking for. In your
examples it is helpfully showing you what it does know about the record,
which it its PTR.
In your dig example you're getting exactly what you asked for, "Tell me
only about any RRSIG records for this label." There are none, so you got
nothing back. Change your QTYPE to PTR and you'll get an answer.
As was mentioned previously, the problem here was DNSSEC, but it was not
at Microsoft's level. The problem was at ARIN, who apparently made an
operational mistake with the 65.in-addr.arpa zone.
Doug
On 03/07/2016 03:03 PM, Michael Wise wrote:
Not sure what’s going on here, but … this command returns nothing:
$ dig -t RRSIG 87.169.55.65.in-addr.arpa +short
Whereas the first three seem to be returning wrong information, but that
might be an artifact of my home server’s host command?
$ host -t RRSIG 65.55.169.87
87.169.55.65.in-addr.arpa domain name pointer
mail-bl2on0087.outbound.protection.outlook.com.
darkthorne:~ bofh$ host 65.55.169.87
87.169.55.65.in-addr.arpa domain name pointer
mail-bl2on0087.outbound.protection.outlook.com.
darkthorne:~ bofh$ host -t DNSKEY 65.55.169.87
87.169.55.65.in-addr.arpa domain name pointer
mail-bl2on0087.outbound.protection.outlook.com.
darkthorne:~ bofh$ host -t DNSKEY hotmail.com
hotmail.com has no DNSKEY record
Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has
Been Processed." | Got the Junk Mail Reporting Tool ?
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop