[dns-operations] is there anyone from microsoft on the list?

Tomas L. Byrnes tomb at byrneit.net
Wed Mar 17 00:55:01 UTC 2010


Or perhaps your firewall or router is blocking TCP DNS, which is,
unfortunately, a very common misconfiguration, done in the name of
"security" (when it in face breaks many forms of security that use DNS).



> -----Original Message-----
> From: dns-operations-bounces at lists.dns-oarc.net
[mailto:dns-operations-
> bounces at lists.dns-oarc.net] On Behalf Of Robert Edmonds
> Sent: Tuesday, March 16, 2010 4:13 PM
> To: dns-operations at lists.dns-oarc.net
> Subject: [dns-operations] is there anyone from microsoft on the list?
> 
> ns[1-5].msft.net are broken; they set the TC bit on certain UDP
> responses but do not respond to TCP queries.
> 
>     microsoft.com has address 207.46.197.32
>     microsoft.com has address 207.46.232.182
>     microsoft.com mail is handled by 10 mail.messaging.microsoft.com.
> 
>     46.207.in-addr.arpa.    86400   IN  NS  ns1.msft.net.
>     46.207.in-addr.arpa.    86400   IN  NS  ns2.msft.net.
>     46.207.in-addr.arpa.    86400   IN  NS  ns5.msft.net.
>     46.207.in-addr.arpa.    86400   IN  NS  ns4.msft.net.
>     46.207.in-addr.arpa.    86400   IN  NS  ns3.msft.net.
>     ;; Received 142 bytes from 2001:500:31::63#53(x.arin.net) in 105
ms
> 
>     $ dig +norec @ns1.msft.net -x 207.46.197.32
>     ;; Truncated, retrying in TCP mode.
> 
>     ; <<>> DiG 9.7.0 <<>> +norec @ns1.msft.net -x 207.46.197.32
>     ; (1 server found)
>     ;; global options: +cmd
>     ;; connection timed out; no servers could be reached
> 
> packet capture is attached.
> 
> --
> Robert Edmonds
> edmonds at isc.org



More information about the dns-operations mailing list