[swinog] Sporadic DNS resolver error for *.mail.protection.outlook.com

2018-05-22 Diskussionsfäden Daniel Stirnimann 
looks like the authoritative nameservers cannot handle EDNS(0) queries
(standardized in 1999, rfc2671). While this is not a problem per see,
the FORMERR response is not according RFC. For more details see:
https://ednscomp.isc.org/ednscomp/17c95198e4#edns

Name resolution therefore relies on retries by the resolver until it
figured out how to talk to this authoritative nameserver.

I guess this could be the source of your problem as such retries are
error prone or can lead to timeouts.

If you are using BIND you can avoid this retries all together by using:

// avoid using EDNS(0) for the following nameservers
server 157.55.234.42 { edns false; };
server 157.56.112.42 { edns false; };
server 23.103.145.81 { edns false; };
server 157.56.112.42 { edns false; };

See BIND ARM manual for more information:
https://ftp.isc.org/isc/bind9/cur/9.11/doc/arm/Bv9ARM.ch06.html#server_statement_grammar

Note, EDNS workarounds are going to disappear. See:
https://ripe76.ripe.net/presentations/159-edns.pdf

Daniel, SWITCH

On 22.05.18 11:09, Ralf Zenklusen, BAR Informatik AG wrote:
> Hi,
> 
> we see sporadic DNS resolver errors for A records of
> *.mail.protection.outlook.com
> 
> Only a few per day vs many successful lookups.
> 
>  
> 
> Anybody else seeing these?
> 
>  
> 
>  
> 
>  
> 
> Kind regards
> 
> Ralf
> 
>  
> 
>  
> 
>  
> 
> 
> 
> *Ralf Zenklusen *
> Dipl. El. Ing. HTL
> Leiter Internet       
>  
> 
>     
> 
>   
> 
> *BAR *Informatik AG
> Weidenweg 235
> 3902 Brig-Glis
> Tel +41 27 922 48 48
>   
> 
>   
> 
> www.barinformatik.ch
> www.rhone.ch
> r.zenklu...@barinformatik.ch
> 
> 
> 
> 
> 
> 
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
> 


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Sporadic DNS resolver error for *.mail.protection.outlook.com

2018-05-22 Diskussionsfäden Markus Wild 

> we see sporadic DNS resolver errors for A records of 
> *.mail.protection.outlook.com
> 
> Only a few per day vs many successful lookups.

I haven't noticed this, but we found out last week that Microsoft apparently 
has enabled a new cluster of servers for
europe in networks 40.92.7[345].*. All of these currently completely lack PTR 
data, and the corresponding SOA suggests
a last modification date of February 5, 2018:

92.40.in-addr.arpa. 3600IN  SOA ns1.msft.net. 
msnhst.microsoft.com. 2018020502 7200 900 2419200 3600

they pop up in logs such as this:

 [40.92.75.99] claimed to be EUR04-VI1-obe.outbound.protection.outlook.com

and rejected connections seem to carry only freemail services (hotmail, 
windowslivemail).

We informed SOA and whois contacts last Wednesday, but haven't heard back from 
them.

Cheers,
Markus


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Sporadic DNS resolver error for *.mail.protection.outlook.com

2018-05-22 Diskussionsfäden Felix Meier 
Hi Ralf

We see these problems too.

best regards,
Felix



Am 22.05.2018 um 11:09 schrieb Ralf Zenklusen, BAR Informatik AG:
>
> Hi,
>
> we see sporadic DNS resolver errors for A records of
> *.mail.protection.outlook.com
>
> Only a few per day vs many successful lookups.
>
>  
>
> Anybody else seeing these?
>
>  
>
>  
>
>  
>
> Kind regards
>
> Ralf
>
>  
>
>  
>
>  
>
>
>
> *Ralf Zenklusen *
> Dipl. El. Ing. HTL
> Leiter Internet       
>  
>
>     
>
>   
>
> *BAR *Informatik AG
> Weidenweg 235
> 3902 Brig-Glis
> Tel +41 27 922 48 48
>   
>
>   
>
> www.barinformatik.ch
> www.rhone.ch
> r.zenklu...@barinformatik.ch
>
>
>
>
>
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog





___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] Sporadic DNS resolver error for *.mail.protection.outlook.com

2018-05-22 Diskussionsfäden r...@bar.ch 
Hi,

we see sporadic DNS resolver errors for A records of 
*.mail.protection.outlook.com

Only a few per day vs many successful lookups.



Anybody else seeing these?







Kind regards

Ralf









Ralf Zenklusen
Dipl. El. Ing. HTL
Leiter Internet





BAR Informatik AG
Weidenweg 235
3902 Brig-Glis
Tel +41 27 922 48 48


www.barinformatik.ch
www.rhone.ch
r.zenklu...@barinformatik.ch






___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] Sporadic DNS resolver error for *.mail.protection.outlook.com

2018-05-22 Diskussionsfäden Ralf Zenklusen, BAR Informatik AG 
Hi,

we see sporadic DNS resolver errors for A records of 
*.mail.protection.outlook.com

Only a few per day vs many successful lookups.



Anybody else seeing these?







Kind regards

Ralf









Ralf Zenklusen
Dipl. El. Ing. HTL
Leiter Internet





BAR Informatik AG
Weidenweg 235
3902 Brig-Glis
Tel +41 27 922 48 48


www.barinformatik.ch
www.rhone.ch
r.zenklu...@barinformatik.ch








___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog