I like to use this tool to tell me everything...

I used it on the first domain; it told me there are 2 errors:
http://dnsviz.net/d/alleghenycourts-us.mail.protection.outlook.com/dnssec/

On Wed, May 4, 2016 at 8:45 AM, Rob Heilman <rheil...@echolabs.net> wrote:

> Got a fresh batch of DNS failures in the logs.  Below is a sampling.  From
> the BIND source code resolver.c:
>
>                 } else if (result != ISC_R_SUCCESS) {
>                         /*
>                          * Something bad happened.
>                          */
>                         fctx_done(fctx, result, __LINE__);
>                         return;
>                 }
>
> Has anyone seen this before or know what might be happening?  If not I
> will try to escalate to ISC to see if they can help diagnose.
>
> -Rob Heilman
>
> 04-May-2016 09:46:22.236 query-errors: debug 1: client 10.10.10.95#44080 (
> alleghenycourts-us.mail.protection.outlook.com): query failed (SERVFAIL)
> for alleghenycourts-us.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:46:22.236 query-errors: debug 1: client 10.10.10.95#44080 (
> courts-phila-gov.mail.protection.outlook.com): query failed (SERVFAIL)
> for courts-phila-gov.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:46:22.236 query-errors: debug 2: fetch completed at
> resolver.c:3074 for alleghenycourts-us.mail.protection.outlook.com/A
> in 0.000122: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
> 04-May-2016 09:46:22.236 query-errors: debug 2: fetch completed at
> resolver.c:3074 for courts-phila-gov.mail.protection.outlook.com/A
> in 0.000272: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
> 04-May-2016 09:46:49.389 query-errors: debug 1: client 10.10.10.96#48950 (
> petersoncpa-com02b.mail.protection.outlook.com): query failed (SERVFAIL)
> for petersoncpa-com02b.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:46:49.389 query-errors: debug 2: fetch completed at
> resolver.c:3074 for petersoncpa-com02b.mail.protection.outlook.com/A
> in 0.000078: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
> 04-May-2016 09:47:22.030 query-errors: debug 1: client 10.10.10.96#48950 (
> supervaluinc.mail.protection.outlook.com): query failed (SERVFAIL) for
> supervaluinc.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:47:22.030 query-errors: debug 2: fetch completed at
> resolver.c:3074 for supervaluinc.mail.protection.outlook.com/A in
> 0.000084: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
> 04-May-2016 09:47:25.817 query-errors: debug 1: client 10.10.10.96#48950 (
> casella-com.mail.protection.outlook.com): query failed (SERVFAIL) for
> casella-com.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:47:25.817 query-errors: debug 2: fetch completed at
> resolver.c:3074 for casella-com.mail.protection.outlook.com/A in
> 0.000092: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
> 04-May-2016 09:47:26.792 query-errors: debug 1: client 10.10.10.95#44080 (
> ghscoslaw-com.mail.protection.outlook.com): query failed (SERVFAIL) for
> ghscoslaw-com.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:47:26.792 query-errors: debug 2: fetch completed at
> resolver.c:3074 for ghscoslaw-com.mail.protection.outlook.com/A in
> 0.000093: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
> 04-May-2016 09:47:27.855 query-errors: debug 1: client 10.10.10.95#44080 (
> casella-com.mail.protection.outlook.com): query failed (SERVFAIL) for
> casella-com.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:47:27.855 query-errors: debug 2: fetch completed at
> resolver.c:3074 for casella-com.mail.protection.outlook.com/A in
> 0.000090: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
> 04-May-2016 09:47:55.476 query-errors: debug 1: client 10.10.10.95#44080 (
> slcccpa-com.mail.protection.outlook.com): query failed (SERVFAIL) for
> slcccpa-com.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:47:55.477 query-errors: debug 2: fetch completed at
> resolver.c:3074 for slcccpa-com.mail.protection.outlook.com/A in
> 0.000079: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
> 04-May-2016 09:47:58.769 query-errors: debug 1: client 10.10.10.95#44080 (
> dnvgl-com.mail.protection.outlook.com): query failed (SERVFAIL) for
> dnvgl-com.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:47:58.769 query-errors: debug 2: fetch completed at
> resolver.c:3074 for dnvgl-com.mail.protection.outlook.com/A in
> 0.000075: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
> 04-May-2016 09:47:58.771 query-errors: debug 1: client 10.10.10.95#44080 (
> pennsylvanianetworks-com.mail.protection.outlook.com): query
> failed (SERVFAIL) for
> pennsylvanianetworks-com.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:47:58.771 query-errors: debug 2: fetch completed at
> resolver.c:3074 for pennsylvanianetworks-com.mail.protection.outlook.com/A in
> 0.000109: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
> 04-May-2016 09:48:05.128 query-errors: debug 1: client 10.10.10.96#48950 (
> AllianceTrucks-com.mail.protection.outlook.com): query failed (SERVFAIL)
> for AllianceTrucks-com.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:48:05.128 query-errors: debug 2: fetch completed at
> resolver.c:3074 for AllianceTrucks-com.mail.protection.outlook.com/A
> in 0.000092: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
> 04-May-2016 09:48:06.028 query-errors: debug 1: client 10.10.10.96#48950 (
> allianceretail-com.mail.protection.outlook.com): query failed (SERVFAIL)
> for allianceretail-com.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:48:06.028 query-errors: debug 2: fetch completed at
> resolver.c:3074 for allianceretail-com.mail.protection.outlook.com/A
> in 0.000085: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
>
>
>
>
> On Apr 29, 2016, at 10:27 AM, Rob Heilman <rheil...@echolabs.net> wrote:
>
> I have increased query-errors logging in BIND to level 10.  Hopefully that
> will give us more to work with when the problem re-occurs.  Hopefully all
> the invalid PTRs won’t cause these logs to melt the boxes.
>
> -Rob Heilman
>
>
> On Apr 28, 2016, at 5:56 PM, Michael Wise <michael.w...@microsoft.com>
> wrote:
>
>
> So is the FORMERR ... just the resolver noting that EDNS is not supported?
> If so, I'm uncertain of the issue.
> We don't use EDNS here, so that's what the “our” servers should be doing,
> yes?
>
> Also, when I replied (“ALL”) to this thread a bit earlier, my response was
> bounced by one particular recipient with:
>
> Error Details
> Reported error: 550 5.7.1 Mail rejected - dcc score 1000
> Retry count:       1
> DSN generated by:          BY2PR03MB409.namprd03.prod.outlook.com
> Remote server: *
>
> Traffic to a mailinglist is scored with DCC?
>
> Aloha,
> Michael.
> --
> Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been
> Processed." | Got the Junk Mail Reporting Tool ?
>
> -----Original Message-----
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Carl Byington
> Sent: Thursday, April 28, 2016 2:16 PM
> To: mailop@mailop.org
> Subject: Re: [mailop] DNS Errors for Microsoft Hostnames
>
>
> On Thu, 2016-04-28 at 20:57 +0000, Michael Wise wrote:
> > If the "Aware" flag expired, would best practice not be to check that
> > first rather than presuppose that the facility does exist?
>
> The check for "edns aware" involves sending the query with edns
> extensions. If the reply is formerr (or possibly others?), then you can
> remember that this server does not understand edns, and repeat the query
> without it.
>
> If you just do the first query without edns, there is no mechanism to then
> learn that that server does indeed understand edns.
>
>
>
>
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
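Added example (not part of the thread, and not BIND code): a Python triage script for the `fetch completed` records quoted above. It rejoins mail-wrapped records, reads the per-fetch counters, and flags fetches that failed with `qrysent:0` and a non-zero `adberr` (BIND's count of failures to find server addresses in its address database), meaning the resolver gave up before sending any query. The `example.net` record and the class names are constructed for illustration.

```python
import re
from collections import Counter

# Input: two records from the thread (wrapping and "> " kept) plus one constructed record.
SAMPLE = """\
> 04-May-2016 09:46:22.236 query-errors: debug 1: client 10.10.10.95#44080 (
> alleghenycourts-us.mail.protection.outlook.com): query failed (SERVFAIL)
> for alleghenycourts-us.mail.protection.outlook.com/IN/A at query.c:7004
> 04-May-2016 09:46:22.236 query-errors: debug 2: fetch completed at
> resolver.c:3074 for alleghenycourts-us.mail.protection.outlook.com/A
> in 0.000122: failure/success [domain:mail.protection.outlook.com
> ,referral:0,restart:1,qrysent:0,timeout:0,lame:0,neterr:0,badresp:0,adberr:2,findfail:0,valfail:0]
04-May-2016 09:50:00.000 query-errors: debug 2: fetch completed at resolver.c:3074 for host.example.net/A in 10.000150: failure/success [domain:example.net,referral:0,restart:2,qrysent:3,timeout:3,lame:0,neterr:0,badresp:0,adberr:0,findfail:0,valfail:0]
"""

STAMP = re.compile(r"\d{2}-\w{3}-\d{4} \d{2}:\d{2}:")
FETCH = re.compile(r"fetch completed at \S+ for (\S+)/\w+ in ([\d.]+): [^\[]*\[([^\]]*)\]")

def unwrap(text):
    """Rejoin records that a mail client wrapped and '>'-quoted."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if STAMP.match(line) or not records:
            records.append(line)
        elif line:  # continuation: no space after "(" or before ","
            glue = "" if records[-1].endswith("(") or line.startswith(",") else " "
            records[-1] += glue + line
    return records

def parse_fetch(record):
    """Return name, zone, duration and counters of a 'fetch completed' record."""
    m = FETCH.search(record)
    if not m:
        return None  # e.g. the "query failed (SERVFAIL)" client-side records
    fields = dict(kv.split(":", 1) for kv in m.group(3).split(","))
    zone = fields.pop("domain", "?")
    return {"name": m.group(1), "zone": zone, "secs": float(m.group(2)),
            "counters": {k: int(v) for k, v in fields.items()}}

def classify(fetch):
    c = Counter(fetch["counters"])  # missing counters read as 0
    if c["qrysent"] == 0 and c["adberr"] > 0:
        return "no-server-address"  # failed in the ADB before any query left
    if c["timeout"] or c["neterr"]:
        return "network"
    return "other"

def summarise(text):
    return Counter((f["zone"], classify(f)) for f in map(parse_fetch, unwrap(text)) if f)
```

Every fetch record in the thread falls into the first class: zero queries sent, two address-database errors, completion in about a tenth of a millisecond.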