Not sure what’s going on here, but … this command returns nothing:
$ dig -t RRSIG 87.169.55.65.in-addr.arpa +short
Whereas the first three seem to be returning wrong information, but that might
be an artifact of my home server’s host command?
$ host -t RRSIG 65.55.169.87
87.169.55.65.i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2016-03-07 at 22:44 +, Tony Bunce wrote:
> I'm far from a DNSSEC expert but I think the issue is with the entire
> 65.in-addr.arpa zone. I can reproduce the issue on any PTR record
> inside of 65.0.0.0/8.
Yes, arin.net failed to renew t
I just disabled DNSSEC validation on all of our resolvers and that appears to
have fixed the problem for us.
I’m far from a DNSSEC expert but I think the issue is with the entire
65.in-addr.arpa zone. I can reproduce the issue on any PTR record inside of
65.0.0.0/8.
-Tony
-Original Messa
michael@mistress:~$ host 65.55.90.110
110.90.55.65.in-addr.arpa domain name pointer snt004-omc2s35.hotmail.com.
michael@mistress:~$ host 65.55.90.110 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:
Host 110.90.55.65.in-addr.arpa not found: 2(SERVFAIL)
On 16-03-07 02:14 P
Hotmail doesn't publish any DNSSEC records.
Neither does Microsoft.com, etc
As for the rDNS, this is from my home server:
$ host 65.55.169.87
87.169.55.65.in-addr.arpa domain name pointer
mail-bl2on0087.outbound.protection.outlook.com.
Aloha,
Michael.
--
Michael J Wise | Micros
The DNS server records have an apparent TTL of 10 minutes.
Move or no, that shouldn't result in no records returned.
Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been
Processed." | Got the Junk Mail Reporting Tool ?
-Original Message-
From: mai
We are seeing similar issues on Office 365 mail.
We are getting SERVFAIL on reverse DNS lookups, both using our resolvers as
well as testing against Google.
It looks DNSSEC related:
87.169.55.65.in-addr.arpa PTR: bad cache hit (55.65.in-addr.arpa/DS)
With checks disabled the query works:
dig -
Had several reports of DNS oddities from the Google DNS servers, from
customers/clients who use them as the default.
Are they in the middle of a move/change?
--
"Catch the Magic of Linux..."
Michael Peddemors, Presiden