[dns-operations] SOA-less (uncacheable) NODATA from `protection.outlook.com` nameservers
Viktor Dukhovni
ietf-dane at dukhovni.org
Fri Oct 21 19:27:25 UTC 2022
The nameservers for both `protection.outlook.com` and
`olc.protection.outlook.com` are:
ns[12]-gtm.glbdns.o365filtering.com
They return uncacheable NODATA responses with no SOA [RFC2308 Sec. 5]. Any
IPv6 client that asks for the AAAA records of various "olc" hosts will
therefore elicit uncacheable answers:
$ ns=ns2-gtm.glbdns.o365filtering.com
$ qname=hotmail-com.olc.protection.outlook.com.
$ qtype=aaaa
$ dig +norecur +nocmd -t $qtype $qname @$ns
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21255
;; flags: qr aa ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hotmail-com.olc.protection.outlook.com. IN AAAA
;; Query time: 14 msec
;; SERVER: 104.47.38.8#53(104.47.38.8)
;; WHEN: Fri Oct 21 14:32:47 EDT 2022
;; MSG SIZE rcvd: 67
This seems suboptimal to me. Is anyone at Microsoft in a position to append
addressing this (mis)behaviour to the list of future improvements?
Note that the host in question is the MX host for hotmail.com, for which
AAAA
queries would be quite common, given the billions of email messages a day
handled by hotmail.com and outlook.com (same symptoms).
--
Viktor.
[ Cross-posted on OARC Mattermost "Town Hall" forum ]
More information about the dns-operations
mailing list