Could it be that the “adberr:2” logs entries are indicating that it periodically can’t find the name servers?
-Rob Heilman # dig zulily-com.mail.protection.outlook.com. @ns1-prodeodns.glbdns.o365filtering.com. dig: couldn't get address for 'ns1-prodeodns.glbdns.o365filtering.com.': failure # dig zulily-com.mail.protection.outlook.com. @ns1-prodeodns.glbdns.o365filtering.com. ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> zulily-com.mail.protection.outlook.com. @ns1-prodeodns.glbdns.o365filtering.com. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 35547 ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; WARNING: EDNS query returned status FORMERR - retry with '+noedns' ;; Query time: 73 msec ;; SERVER: 207.46.100.42#53(207.46.100.42) ;; WHEN: Wed May 04 14:44:22 EDT 2016 ;; MSG SIZE rcvd: 12 # dig zulily-com.mail.protection.outlook.com. @ns1-prodeodns.glbdns.o365filtering.com. +noedns ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> zulily-com.mail.protection.outlook.com. @ns1-prodeodns.glbdns.o365filtering.com. +noedns ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27187 ;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;zulily-com.mail.protection.outlook.com. IN A ;; ANSWER SECTION: zulily-com.mail.protection.outlook.com. 10 IN A 207.46.163.138 zulily-com.mail.protection.outlook.com. 10 IN A 207.46.163.247 zulily-com.mail.protection.outlook.com. 10 IN A 207.46.163.215 ;; Query time: 74 msec ;; SERVER: 207.46.100.42#53(207.46.100.42) ;; WHEN: Wed May 04 14:44:56 EDT 2016 ;; MSG SIZE rcvd: 218 > On May 4, 2016, at 3:16 PM, John Miller <johnm...@brandeis.edu> wrote: > >> >> dig mail.protection.outlook.com. ns >> @ns1-proddns.glbdns.o365filtering.com. +noedns >> ;; ANSWER SECTION: >> mail.protection.outlook.com. 10 IN NS >> ns1-proddns.glbdns.o365filtering.com. >> mail.protection.outlook.com. 10 IN NS >> ns2-proddns.glbdns.o365filtering.com. >> >> >> >> Note the short TTL on the A and NS records, combined with dns servers >> that don't understand edns. Is there something in bind 9.9.5 that would >> not like that combination? I presume that 9.9.5 would try edns first, >> and then backoff to noedns after receiving the FORMERR. >> > > Seems very odd to have a TTL of 10 seconds on an NS record: anyone > seen that before? Combining that with EDNS disabled means that you're > essentially having to make four lookups every single time you want to > use Outlook 365. > > John > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users