[dns-operations] mail.protection.outlook.com (was: Anyone from Google here?)

Brian Somers bsomers at opendns.com
Sat Apr 18 16:55:07 UTC 2020

Heh, mail.protection.outlook.com has consumed many hours of my time in the past month :(

For everyones’ amusement/astonishment:
* dig +edns ns mail.protection.outlook.com @ns1-proddns.glbdns.o365filtering.com
  Returns FORMERR but an empty question section
* dig +noedns SOA mail.protection.outlook.com @ns1-proddns.glbdns.o365filtering.com
  Returns NODATA… with an SOA to prove it!
* dig +noedns DS mail.protection.outlook.com @ns1-proddns.glbdns.o365filtering.com
  dig +noedns DNSKEY mail.protection.outlook.com @ns1-proddns.glbdns.o365filtering.com
  dig +noedns TXT mail.protection.outlook.com @ns1-proddns.glbdns.o365filtering.com
  Returns NOTIMP
* dig +noedns ns nist-gov.mail.protection.outlook.com @ns1-proddns.glbdns.o365filtering.com
  Returns two mail.protection.outlook.com/NS RRs in the ANSWER section

If only Microsoft cared…


> On Apr 16, 2020, at 11:14 PM, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
> On Fri, Apr 17, 2020 at 03:52:14PM +1000, Mark Andrews wrote:
>> % dig @ns1.google.com google.com type1001 
>> ;; ->>HEADER<<- opcode: QUERY, status: NOTIMP, id: 40540
> Well, it is somewhat similar to the behaviour of the load balancers for
> mail.protection.outlook.com, which return NOTIMP for even more RRtypes,
> e.g. TLSA:
>    _25._tcp.nist-gov.mail.protection.outlook.com. IN A ? ; NXDomain
>    _25._tcp.nist-gov.mail.protection.outlook.com. IN TLSA ? ; NotImp
>> All this does is make it harder to deploy new DNS data types.  Is
>> that Google’s intention?
> I doubt that's the intention, but perhaps it points to a common origin
> for the underlying DNS load-balancer platforms?  If so, with a bit of
> luck software/firmware updates may be available to address both.
> It is otherwise an interesting coincidence that both Google and
> Microsoft ended up pretty much the same bug.
> -- 
>    Viktor.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

More information about the dns-operations mailing list