[dns-operations] SOA-less (uncacheable) NODATA from `protection.outlook.com` nameservers

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Oct 21 19:27:25 UTC 2022

The nameservers for both `protection.outlook.com` and 
`olc.protection.outlook.com` are:


They return uncacheable NODATA responses with no SOA [RFC2308 Sec. 5].  Any
IPv6 client that asks for the AAAA records of various "olc" hosts will
therefore elicit uncacheable answers:

     $ ns=ns2-gtm.glbdns.o365filtering.com
     $ qname=hotmail-com.olc.protection.outlook.com.
     $ qtype=aaaa

     $ dig +norecur +nocmd -t $qtype $qname @$ns
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21255
     ;; flags: qr aa ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

     ; EDNS: version: 0, flags:; udp: 4096
     ;hotmail-com.olc.protection.outlook.com.    IN AAAA

     ;; Query time: 14 msec
     ;; SERVER:
     ;; WHEN: Fri Oct 21 14:32:47 EDT 2022
     ;; MSG SIZE  rcvd: 67

This seems suboptimal to me.  Is anyone at Microsoft in a position to append
addressing this (mis)behaviour to the list of future improvements?

Note that the host in question is the MX host for hotmail.com, for which 
queries would be quite common, given the billions of email messages a day
handled by hotmail.com and outlook.com (same symptoms).


[ Cross-posted on OARC Mattermost "Town Hall" forum ]

More information about the dns-operations mailing list