Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-08 Thread Doug Barton 

Further info:

http://lists.arin.net/pipermail/arin-ppml/2016-March/030726.html

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-08 Thread Doug Barton 

No worries :)


On 03/08/2016 01:28 PM, Michael Wise wrote:

Yes, noticed the ARIN involvement, and went to wash my hands, so to speak.
It's been a while since I was mucking about with DNS stuffs...

Aloha,
Michael.




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-08 Thread Michael Wise 
Yes, noticed the ARIN involvement, and went to wash my hands, so to speak.
It's been a while since I was mucking about with DNS stuffs...

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?


-Original Message-
From: Doug Barton [mailto:dougb@dougbarton.email] 
Sent: Tuesday, March 8, 2016 1:24 PM
To: Michael Wise ; Tony Bunce 
; Michael Peddemors ; 
mailop@mailop.org
Subject: Re: [mailop] Google DNS Servers not returning results for Hotmail 
today?

host isn't really designed for DNS debugging, beyond telling you what 
your resolver chain knows about the record you're asking for. In your 
examples it is helpfully showing you what it does know about the record, 
which it its PTR.

In your dig example you're getting exactly what you asked for, "Tell me 
only about any RRSIG records for this label." There are none, so you got 
nothing back. Change your QTYPE to PTR and you'll get an answer.

As was mentioned previously, the problem here was DNSSEC, but it was not 
at Microsoft's level. The problem was at ARIN, who apparently made an 
operational mistake with the 
https://na01.safelinks.protection.outlook.com/?url=65.in-addr.arpa&data=01%7c01%7cMichael.Wise%40microsoft.com%7c5c1067b93b8f4bc3e5d208d34797f78c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=UYYEiE6s6ZKcMdMxdYZHm9JOEun5e6qfJJruLRW3dkk%3d
 zone.

Doug


On 03/07/2016 03:03 PM, Michael Wise wrote:
> Not sure what’s going on here, but … this command returns nothing:
>
> $ dig -t RRSIG 
> https://na01.safelinks.protection.outlook.com/?url=87.169.55.65.in-addr.arpa&data=01%7c01%7cMichael.Wise%40microsoft.com%7c5c1067b93b8f4bc3e5d208d34797f78c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=WZxuXCnXSptFWkcTfZU7YX7SHhcSdPq1WbUdIrvs4Mk%3d
>  +short
>
> Whereas the first three seem to be returning wrong information, but that
> might be an artifact of my home server’s host command?
>
> $ host -t RRSIG 65.55.169.87
>
> https://na01.safelinks.protection.outlook.com/?url=87.169.55.65.in-addr.arpa&data=01%7c01%7cMichael.Wise%40microsoft.com%7c5c1067b93b8f4bc3e5d208d34797f78c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=WZxuXCnXSptFWkcTfZU7YX7SHhcSdPq1WbUdIrvs4Mk%3d
>  domain name pointer
> mail-bl2on0087.outbound.protection.outlook.com.
>
> darkthorne:~ bofh$ host 65.55.169.87
>
> https://na01.safelinks.protection.outlook.com/?url=87.169.55.65.in-addr.arpa&data=01%7c01%7cMichael.Wise%40microsoft.com%7c5c1067b93b8f4bc3e5d208d34797f78c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=WZxuXCnXSptFWkcTfZU7YX7SHhcSdPq1WbUdIrvs4Mk%3d
>  domain name pointer
> mail-bl2on0087.outbound.protection.outlook.com.
>
> darkthorne:~ bofh$ host -t DNSKEY 65.55.169.87
>
> https://na01.safelinks.protection.outlook.com/?url=87.169.55.65.in-addr.arpa&data=01%7c01%7cMichael.Wise%40microsoft.com%7c5c1067b93b8f4bc3e5d208d34797f78c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=WZxuXCnXSptFWkcTfZU7YX7SHhcSdPq1WbUdIrvs4Mk%3d
>  domain name pointer
> mail-bl2on0087.outbound.protection.outlook.com.
>
> darkthorne:~ bofh$ host -t DNSKEY 
> https://na01.safelinks.protection.outlook.com/?url=hotmail.com&data=01%7c01%7cMichael.Wise%40microsoft.com%7c5c1067b93b8f4bc3e5d208d34797f78c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=UCymbavgmIKkAnlx1Uipma3TZNODYWM1O3opFyNqGCo%3d
>
> https://na01.safelinks.protection.outlook.com/?url=hotmail.com&data=01%7c01%7cMichael.Wise%40microsoft.com%7c5c1067b93b8f4bc3e5d208d34797f78c%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=UCymbavgmIKkAnlx1Uipma3TZNODYWM1O3opFyNqGCo%3d
>  has no DNSKEY record
>
> Aloha,
>
> Michael.
>
> --
>
> Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has
> Been Processed." | Got the Junk Mail Reporting Tool ?

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-08 Thread Doug Barton 
host isn't really designed for DNS debugging, beyond telling you what 
your resolver chain knows about the record you're asking for. In your 
examples it is helpfully showing you what it does know about the record, 
which it its PTR.


In your dig example you're getting exactly what you asked for, "Tell me 
only about any RRSIG records for this label." There are none, so you got 
nothing back. Change your QTYPE to PTR and you'll get an answer.


As was mentioned previously, the problem here was DNSSEC, but it was not 
at Microsoft's level. The problem was at ARIN, who apparently made an 
operational mistake with the 65.in-addr.arpa zone.


Doug


On 03/07/2016 03:03 PM, Michael Wise wrote:

Not sure what’s going on here, but … this command returns nothing:

$ dig -t RRSIG 87.169.55.65.in-addr.arpa +short

Whereas the first three seem to be returning wrong information, but that
might be an artifact of my home server’s host command?

$ host -t RRSIG 65.55.169.87

87.169.55.65.in-addr.arpa domain name pointer
mail-bl2on0087.outbound.protection.outlook.com.

darkthorne:~ bofh$ host 65.55.169.87

87.169.55.65.in-addr.arpa domain name pointer
mail-bl2on0087.outbound.protection.outlook.com.

darkthorne:~ bofh$ host -t DNSKEY 65.55.169.87

87.169.55.65.in-addr.arpa domain name pointer
mail-bl2on0087.outbound.protection.outlook.com.

darkthorne:~ bofh$ host -t DNSKEY hotmail.com

hotmail.com has no DNSKEY record

Aloha,

Michael.

--

Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has
Been Processed." | Got the Junk Mail Reporting Tool ?



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-08 Thread Doug Barton 

I don't see it listed there ...


On 03/08/2016 06:40 AM, Franck Martin via mailop wrote:

The outage is listed at https://ianix.com/pub/dnssec-outages.html

On Tue, Mar 8, 2016 at 6:21 AM, Vick Khera mailto:vi...@khera.org>> wrote:


On Mon, Mar 7, 2016 at 6:00 PM, Carl Byington mailto:c...@five-ten-sg.com>> wrote:

Yes, arin.net 
failed to renew the dnssec signatures on 65.in-addr.arpa.
They have expired, and anyone behind a dnssec enforcing resolver
can no
longer see ptr records in that tree.


Looks to be corrected now. It resolves for both my own recursive
resolver which enforces DNSSEC as well as 8.8.8.8.




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-08 Thread Franck Martin via mailop 
The outage is listed at https://ianix.com/pub/dnssec-outages.html

On Tue, Mar 8, 2016 at 6:21 AM, Vick Khera  wrote:

>
> On Mon, Mar 7, 2016 at 6:00 PM, Carl Byington 
> wrote:
>
>> Yes, arin.net
>>
>> failed to renew the dnssec signatures on 65.in-addr.arpa.
>> They have expired, and anyone behind a dnssec enforcing resolver can no
>> longer see ptr records in that tree.
>>
>
> Looks to be corrected now. It resolves for both my own recursive resolver
> which enforces DNSSEC as well as 8.8.8.8.
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-08 Thread Vick Khera 
On Mon, Mar 7, 2016 at 6:00 PM, Carl Byington  wrote:

> Yes, arin.net
>
> failed to renew the dnssec signatures on 65.in-addr.arpa.
> They have expired, and anyone behind a dnssec enforcing resolver can no
> longer see ptr records in that tree.
>

Looks to be corrected now. It resolves for both my own recursive resolver
which enforces DNSSEC as well as 8.8.8.8.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-07 Thread Michael Wise 


Not sure what’s going on here, but … this command returns nothing:



$ dig -t RRSIG 87.169.55.65.in-addr.arpa +short



Whereas the first three seem to be returning wrong information, but that might 
be an artifact of my home server’s host command?



$ host -t RRSIG 65.55.169.87

87.169.55.65.in-addr.arpa domain name pointer 
mail-bl2on0087.outbound.protection.outlook.com.

darkthorne:~ bofh$ host 65.55.169.87

87.169.55.65.in-addr.arpa domain name pointer 
mail-bl2on0087.outbound.protection.outlook.com.

darkthorne:~ bofh$ host -t DNSKEY 65.55.169.87

87.169.55.65.in-addr.arpa domain name pointer 
mail-bl2on0087.outbound.protection.outlook.com.

darkthorne:~ bofh$ host -t DNSKEY hotmail.com

hotmail.com has no DNSKEY record



Aloha,

Michael.

--

Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?





-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tony Bunce
Sent: Monday, March 7, 2016 2:44 PM
To: Michael Peddemors ; mailop@mailop.org
Subject: Re: [mailop] Google DNS Servers not returning results for Hotmail 
today?



I just disabled DNSSEC validation on all of our resolvers and that appears to 
have fixed the problem for us.



I’m far from a DNSSEC expert but I think the issue is with the entire 
https://na01.safelinks.protection.outlook.com/?url=65.in-addr.arpa&data=01%7c01%7cmichael.wise%40microsoft.com%7ce6cb1e9eb28e4eb3f79608d346dadf8f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=eKoZn8aIEUUzdFfiT2Ic222QQQho6%2fhE4LHi95Mi5MQ%3d
 zone.  I can reproduce the issue on any PTR record inside of 
https://na01.safelinks.protection.outlook.com/?url=65.0.0.0%2f8.&data=01%7c01%7cmichael.wise%40microsoft.com%7ce6cb1e9eb28e4eb3f79608d346dadf8f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=4xTa2qddYpUkEUqQG6wvREAzVJuVQP5jHc9XzaHg988%3d



-Tony



-Original Message-

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Peddemors

Sent: Monday, March 7, 2016 5:35 PM

To: mailop@mailop.org<mailto:mailop@mailop.org>

Subject: Re: [mailop] Google DNS Servers not returning results for Hotmail 
today?



michael@mistress:~$ host 65.55.90.110

https://na01.safelinks.protection.outlook.com/?url=110.90.55.65.in-addr.arpa&data=01%7c01%7cmichael.wise%40microsoft.com%7ce6cb1e9eb28e4eb3f79608d346dadf8f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=JQ31EN4jPO%2bbmfwxRZu4igbDBpWZJhwGicilcSVn11I%3d
 domain name pointer snt004-omc2s35.hotmail.com.

michael@mistress:~$ host 65.55.90.110 8.8.8.8

Using domain server:

Name: 8.8.8.8

Address: 8.8.8.8#53

Aliases:



Host 
https://na01.safelinks.protection.outlook.com/?url=110.90.55.65.in-addr.arpa&data=01%7c01%7cmichael.wise%40microsoft.com%7ce6cb1e9eb28e4eb3f79608d346dadf8f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=JQ31EN4jPO%2bbmfwxRZu4igbDBpWZJhwGicilcSVn11I%3d
 not found: 2(SERVFAIL)





On 16-03-07 02:14 PM, Michael Wise wrote:

> Hotmail doesn't publish any DNSSEC records.

>

> Neither does 
> https://na01.safelinks.protection.outlook.com/?url=Microsoft.com&data=01%7c01%7cmichael.wise%40microsoft.com%7ce6cb1e9eb28e4eb3f79608d346dadf8f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=elP2O0lIMZCyLhxLdibWgySnkWE7KcFe%2b60f3ATilwM%3d,
>  etc

>

> As for the rDNS, this is from my home server:

>

> $ host 65.55.169.87

>

> https://na01.safelinks.protection.outlook.com/?url=87.169.55.65.in-addr.arpa&data=01%7c01%7cmichael.wise%40microsoft.com%7ce6cb1e9eb28e4eb3f79608d346dadf8f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=deUPZh%2fHtR9UoG%2bLW6tLOfFXgLs3xtP6CQW8F93oL%2f8%3d
>  domain name pointer

> mail-bl2on0087.outbound.protection.outlook.com.

>

> Aloha,

>

> Michael.

>

> --

>

> Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has

> Been Processed." | Got the Junk Mail Reporting Tool ?

>

> -Original Message-

> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tony Bunce

> Sent: Monday, March 7, 2016 1:56 PM

> To: Michael Peddemors 
> mailto:mich...@linuxmagic.com>>; mailop 
> mailto:mailop@mailop.org>>

> Subject: Re: [mailop] Google DNS Servers not returning results for

> Hotmail today?

>

> We are seeing similar issues on Office 365 mail.

>

> We are getting SERVFAIL on reverse DNS lookups, both using our resolvers

> as well as testing against Google.

>

> It looks DNSSEC related:

>

> https://na01.safelinks.protection.outlook.com/?url=87.169.55.65.in-addr.arpa&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=orZOsyfUwl8QutwjS33FHJ1lGr%2fkG2mP9D7cPpXW2F8%3d

> PTR: bad cache hit

> (https://na01.safelinks.protection.outlook.com/?url=55.65.in-addr.arpa%2fDS&data=01%7c01%7cmicha

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-07 Thread Carl Byington 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Mon, 2016-03-07 at 22:44 +, Tony Bunce wrote:
> I'm far from a DNSSEC expert but I think the issue is with the entire
> 65.in-addr.arpa zone.  I can reproduce the issue on any PTR record
> inside of 65.0.0.0/8.

Yes, arin.net failed to renew the dnssec signatures on 65.in-addr.arpa.
They have expired, and anyone behind a dnssec enforcing resolver can no
longer see ptr records in that tree.


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEAREKAAYFAlbeB/8ACgkQL6j7milTFsGHhQCfb6T+P9SV3UClUAYIYSnWHzfx
edcAnjyFA50U5gkUXd5+RxempM7GoBuk
=0ymm
-END PGP SIGNATURE-



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-07 Thread Tony Bunce 
I just disabled DNSSEC validation on all of our resolvers and that appears to 
have fixed the problem for us.

I’m far from a DNSSEC expert but I think the issue is with the entire 
65.in-addr.arpa zone.  I can reproduce the issue on any PTR record inside of 
65.0.0.0/8.

-Tony

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Peddemors
Sent: Monday, March 7, 2016 5:35 PM
To: mailop@mailop.org
Subject: Re: [mailop] Google DNS Servers not returning results for Hotmail 
today?

michael@mistress:~$ host 65.55.90.110
110.90.55.65.in-addr.arpa domain name pointer snt004-omc2s35.hotmail.com.
michael@mistress:~$ host 65.55.90.110 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

Host 110.90.55.65.in-addr.arpa not found: 2(SERVFAIL)


On 16-03-07 02:14 PM, Michael Wise wrote:
> Hotmail doesn't publish any DNSSEC records.
>
> Neither does Microsoft.com, etc
>
> As for the rDNS, this is from my home server:
>
> $ host 65.55.169.87
>
> 87.169.55.65.in-addr.arpa domain name pointer
> mail-bl2on0087.outbound.protection.outlook.com.
>
> Aloha,
>
> Michael.
>
> --
>
> Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has
> Been Processed." | Got the Junk Mail Reporting Tool ?
>
> -Original Message-
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tony Bunce
> Sent: Monday, March 7, 2016 1:56 PM
> To: Michael Peddemors ; mailop 
> Subject: Re: [mailop] Google DNS Servers not returning results for
> Hotmail today?
>
> We are seeing similar issues on Office 365 mail.
>
> We are getting SERVFAIL on reverse DNS lookups, both using our resolvers
> as well as testing against Google.
>
> It looks DNSSEC related:
>
> https://na01.safelinks.protection.outlook.com/?url=87.169.55.65.in-addr.arpa&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=orZOsyfUwl8QutwjS33FHJ1lGr%2fkG2mP9D7cPpXW2F8%3d
> PTR: bad cache hit
> (https://na01.safelinks.protection.outlook.com/?url=55.65.in-addr.arpa%2fDS&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=zLpvVVaYnzIbpAu%2fJHl6qPl0e%2fGhRiOBqfY9J1waEoY%3d)
>
> With checks disabled the query works:
>
> dig -x 65.55.169.63 +cd
>
> This looks like something is not right:
>
> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fdnsviz.net%2fd%2f55.65.in-addr.arpa%2fdnssec%2f&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=d3aCKTnyI0a1w6CjpyIfs2S1o49kxgBa1cULgt5ViAM%3d
>
> -Tony
>
> -Original Message-
>
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael
> Peddemors
>
> Sent: Monday, March 7, 2016 4:29 PM
>
> To: mailop mailto:mailop@mailop.org>>
>
> Subject: [mailop] Google DNS Servers not returning results for Hotmail
> today?
>
> Had several reports of DNS oddities from the Google DNS servers, from
>
> customers/clients who use them as the default.
>
> Are they in the middle of a move/change?
>
> ___
>
> mailop mailing list
>
> mailop@mailop.org <mailto:mailop@mailop.org>
>
> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop%0a&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=TOT%2fu4LSpF0EsgiWOCr5HQAWkkjjWVjhnaTglzYtMTA%3d
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>



-- 
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-07 Thread Michael Peddemors 

michael@mistress:~$ host 65.55.90.110
110.90.55.65.in-addr.arpa domain name pointer snt004-omc2s35.hotmail.com.
michael@mistress:~$ host 65.55.90.110 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

Host 110.90.55.65.in-addr.arpa not found: 2(SERVFAIL)


On 16-03-07 02:14 PM, Michael Wise wrote:

Hotmail doesn't publish any DNSSEC records.

Neither does Microsoft.com, etc

As for the rDNS, this is from my home server:

$ host 65.55.169.87

87.169.55.65.in-addr.arpa domain name pointer
mail-bl2on0087.outbound.protection.outlook.com.

Aloha,

Michael.

--

Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has
Been Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tony Bunce
Sent: Monday, March 7, 2016 1:56 PM
To: Michael Peddemors ; mailop 
Subject: Re: [mailop] Google DNS Servers not returning results for
Hotmail today?

We are seeing similar issues on Office 365 mail.

We are getting SERVFAIL on reverse DNS lookups, both using our resolvers
as well as testing against Google.

It looks DNSSEC related:

https://na01.safelinks.protection.outlook.com/?url=87.169.55.65.in-addr.arpa&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=orZOsyfUwl8QutwjS33FHJ1lGr%2fkG2mP9D7cPpXW2F8%3d
PTR: bad cache hit
(https://na01.safelinks.protection.outlook.com/?url=55.65.in-addr.arpa%2fDS&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=zLpvVVaYnzIbpAu%2fJHl6qPl0e%2fGhRiOBqfY9J1waEoY%3d)

With checks disabled the query works:

dig -x 65.55.169.63 +cd

This looks like something is not right:

https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fdnsviz.net%2fd%2f55.65.in-addr.arpa%2fdnssec%2f&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=d3aCKTnyI0a1w6CjpyIfs2S1o49kxgBa1cULgt5ViAM%3d

-Tony

-Original Message-

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael
Peddemors

Sent: Monday, March 7, 2016 4:29 PM

To: mailop mailto:mailop@mailop.org>>

Subject: [mailop] Google DNS Servers not returning results for Hotmail
today?

Had several reports of DNS oddities from the Google DNS servers, from

customers/clients who use them as the default.

Are they in the middle of a move/change?

___

mailop mailing list

mailop@mailop.org <mailto:mailop@mailop.org>

https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop%0a&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=TOT%2fu4LSpF0EsgiWOCr5HQAWkkjjWVjhnaTglzYtMTA%3d



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-07 Thread Michael Wise 


Hotmail doesn't publish any DNSSEC records.

Neither does Microsoft.com, etc



As for the rDNS, this is from my home server:



$ host 65.55.169.87

87.169.55.65.in-addr.arpa domain name pointer 
mail-bl2on0087.outbound.protection.outlook.com.



Aloha,

Michael.

--

Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?





-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tony Bunce
Sent: Monday, March 7, 2016 1:56 PM
To: Michael Peddemors ; mailop 
Subject: Re: [mailop] Google DNS Servers not returning results for Hotmail 
today?



We are seeing similar issues on Office 365 mail.



We are getting SERVFAIL on reverse DNS lookups, both using our resolvers as 
well as testing against Google.

It looks DNSSEC related:

https://na01.safelinks.protection.outlook.com/?url=87.169.55.65.in-addr.arpa&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=orZOsyfUwl8QutwjS33FHJ1lGr%2fkG2mP9D7cPpXW2F8%3d
 PTR: bad cache hit 
(https://na01.safelinks.protection.outlook.com/?url=55.65.in-addr.arpa%2fDS&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=zLpvVVaYnzIbpAu%2fJHl6qPl0e%2fGhRiOBqfY9J1waEoY%3d)



With checks disabled the query works:

dig -x 65.55.169.63 +cd



This looks like something is not right:

https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fdnsviz.net%2fd%2f55.65.in-addr.arpa%2fdnssec%2f&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=d3aCKTnyI0a1w6CjpyIfs2S1o49kxgBa1cULgt5ViAM%3d







-Tony







-Original Message-

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Peddemors

Sent: Monday, March 7, 2016 4:29 PM

To: mailop mailto:mailop@mailop.org>>

Subject: [mailop] Google DNS Servers not returning results for Hotmail today?



Had several reports of DNS oddities from the Google DNS servers, from

customers/clients who use them as the default.



Are they in the middle of a move/change?



___

mailop mailing list

mailop@mailop.org<mailto:mailop@mailop.org>

https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop%0a&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=TOT%2fu4LSpF0EsgiWOCr5HQAWkkjjWVjhnaTglzYtMTA%3d
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-07 Thread Michael Wise 
The DNS server records have an apparent TTL of 10 minutes.
Move or no, that shouldn't result in no records returned.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Peddemors
Sent: Monday, March 7, 2016 1:29 PM
To: mailop 
Subject: [mailop] Google DNS Servers not returning results for Hotmail today?

Had several reports of DNS oddities from the Google DNS servers, from 
customers/clients who use them as the default.

Are they in the middle of a move/change?


  
-- 
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at 
https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.linuxmagic.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cba275239f9614773ba4108d346d11d81%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=raHw9KHWLj3TDamSSilNRIBNhXTAo97lWx0Ed%2fXt6xM%3d
 @linuxmagic

A Wizard IT Company - For More Info 
https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.wizard.ca&data=01%7c01%7cmichael.wise%40microsoft.com%7cba275239f9614773ba4108d346d11d81%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=sVWgkj9m2SC9ver9FyG7TC%2f3L4i%2fn%2fFsXZR3m1hJLGo%3d
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop%0a&data=01%7c01%7cmichael.wise%40microsoft.com%7cba275239f9614773ba4108d346d11d81%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ELchkx6dLhKTd4C46c9IcjaBT4x%2bQJ0xS0sfvr1cz24%3d
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

2016-03-07 Thread Tony Bunce 
We are seeing similar issues on Office 365 mail.

We are getting SERVFAIL on reverse DNS lookups, both using our resolvers as 
well as testing against Google.
 
It looks DNSSEC related:
87.169.55.65.in-addr.arpa PTR: bad cache hit (55.65.in-addr.arpa/DS)

With checks disabled the query works:
dig -x 65.55.169.63 +cd

This looks like something is not right:
http://dnsviz.net/d/55.65.in-addr.arpa/dnssec/



-Tony



-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Peddemors
Sent: Monday, March 7, 2016 4:29 PM
To: mailop 
Subject: [mailop] Google DNS Servers not returning results for Hotmail today?

Had several reports of DNS oddities from the Google DNS servers, from 
customers/clients who use them as the default.

Are they in the middle of a move/change?

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop