[dns-operations] SOA-less (uncacheable) NODATA from `protection.outlook.com` nameservers

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Oct 21 19:27:25 UTC 2022


The nameservers for both `protection.outlook.com` and 
`olc.protection.outlook.com` are:

     ns[12]-gtm.glbdns.o365filtering.com

They return uncacheable NODATA responses with no SOA [RFC2308 Sec. 5].  Any
IPv6 client that asks for the AAAA records of various "olc" hosts will
therefore elicit uncacheable answers:

     $ ns=ns2-gtm.glbdns.o365filtering.com
     $ qname=hotmail-com.olc.protection.outlook.com.
     $ qtype=aaaa

     $ dig +norecur +nocmd -t $qtype $qname @$ns
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21255
     ;; flags: qr aa ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

     ;; OPT PSEUDOSECTION:
     ; EDNS: version: 0, flags:; udp: 4096
     ;; QUESTION SECTION:
     ;hotmail-com.olc.protection.outlook.com.    IN AAAA

     ;; Query time: 14 msec
     ;; SERVER: 104.47.38.8#53(104.47.38.8)
     ;; WHEN: Fri Oct 21 14:32:47 EDT 2022
     ;; MSG SIZE  rcvd: 67

This seems suboptimal to me.  Is anyone at Microsoft in a position to append
addressing this (mis)behaviour to the list of future improvements?

Note that the host in question is the MX host for hotmail.com, for which 
AAAA
queries would be quite common, given the billions of email messages a day
handled by hotmail.com and outlook.com (same symptoms).

-- 
     Viktor.

[ Cross-posted on OARC Mattermost "Town Hall" forum ]


More information about the dns-operations mailing list