On Thursday, 8 March, 2018 16:28, "Ken O'Driscoll via mailop"
<mailop@mailop.org> said:
> That looks like a problem with your local resolver. My guess is that you
> are doing some sort of query forwarding or maybe querying the root servers
> in an improper manner.
It looks pretty odd from here too.
If you query any of ns{1,2,3,4}.bdm.microsoftonline.com for an A record for
something.onmicrosoft.com, you get an empty answer, but the AA flag set and an
SOA record in the Authority section indicating that the server believes it's
authoritative:
tim@fluffkin:~$ dig @ns2.bdm.microsoftonline.com. www.onmicrosoft.com.
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @ns2.bdm.microsoftonline.com.
www.onmicrosoft.com.
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9954
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.onmicrosoft.com. IN A
;; AUTHORITY SECTION:
www.onmicrosoft.com. 1 IN SOA ns1.bdm.microsoftonline.com.
msnhst.microsoft.com. 2007070100 10800 1800 691200 3600
;; Query time: 118 msec
;; SERVER: 2a01:111:f406:3403::41#53(2a01:111:f406:3403::41)
;; WHEN: Thu Mar 08 16:52:38 GMT 2018
;; MSG SIZE rcvd: 128
Similarly if you ask for another record type for the naked onmicrosoft.com,
e.g. MX, you get an answer, still with an AA flag but no Authority:
tim@fluffkin:~$ dig mx @ns2.bdm.microsoftonline.com. onmicrosoft.com.
; <<>> DiG 9.10.3-P4-Ubuntu <<>> mx @ns2.bdm.microsoftonline.com.
onmicrosoft.com.
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28820
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 5
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;onmicrosoft.com. IN MX
;; ANSWER SECTION:
onmicrosoft.com. 86400 IN MX 0 ns1.bdm.microsoftonline.com.
onmicrosoft.com. 86400 IN MX 0 ns3.bdm.microsoftonline.com.
;; ADDITIONAL SECTION:
ns1.bdm.microsoftonline.com. 86400 IN A 207.46.15.59
ns1.bdm.microsoftonline.com. 86400 IN AAAA 2a01:111:f406:1804::59
ns3.bdm.microsoftonline.com. 86400 IN A 191.232.83.138
ns3.bdm.microsoftonline.com. 86400 IN AAAA 2a01:111:f406:b400::22
;; Query time: 117 msec
;; SERVER: 2a01:111:f406:3403::41#53(2a01:111:f406:3403::41)
;; WHEN: Thu Mar 08 16:54:51 GMT 2018
;; MSG SIZE rcvd: 195
But if you ask for an A record for onmicrosoft.com, you get an empty answer,
but no AA flag and an Authority section filled with NS records. The absence of
AA flag says that the server doesn't think it's authoritative, and you should
try the servers suggested in the Authority section instead - but those point
back to exactly the same place, forming a loop:
tim@fluffkin:~$ dig @ns2.bdm.microsoftonline.com. onmicrosoft.com.
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @ns2.bdm.microsoftonline.com. onmicrosoft.com.
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43173
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 9
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;onmicrosoft.com. IN A
;; AUTHORITY SECTION:
onmicrosoft.com. 86400 IN NS ns2.bdm.microsoftonline.com.
onmicrosoft.com. 86400 IN NS ns3.bdm.microsoftonline.com.
onmicrosoft.com. 86400 IN NS ns4.bdm.microsoftonline.com.
onmicrosoft.com. 86400 IN NS ns1.bdm.microsoftonline.com.
;; ADDITIONAL SECTION:
ns2.bdm.microsoftonline.com. 86400 IN A 157.56.81.41
ns2.bdm.microsoftonline.com. 86400 IN AAAA 2a01:111:f406:3403::41
ns3.bdm.microsoftonline.com. 86400 IN A 191.232.83.138
ns3.bdm.microsoftonline.com. 86400 IN AAAA 2a01:111:f406:b400::22
ns4.bdm.microsoftonline.com. 86400 IN A 157.55.45.9
ns4.bdm.microsoftonline.com. 86400 IN AAAA 2a01:111:f406:8003::22
ns1.bdm.microsoftonline.com. 86400 IN A 207.46.15.59
ns1.bdm.microsoftonline.com. 86400 IN AAAA 2a01:111:f406:1804::59
;; Query time: 117 msec
;; SERVER: 2a01:111:f406:3403::41#53(2a01:111:f406:3403::41)
;; WHEN: Thu Mar 08 17:03:53 GMT 2018
;; MSG SIZE rcvd: 315
Maybe my DNS-fu is rusty, but that doesn't look correct to me.
Regards,
Tim.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
