RE: Unspecified error DNS query

Darcy Kevin (FCA) Fri, 07 Oct 2016 09:21:48 -0700

There's nothing particularly unusual about the "retrying in TCP mode" message - 
as Mark explained, that happens whenever the packet size is big and EDNS0 is 
not being used.


I looked up this name from an internal Windows 7 box through a BIND-based 
forwarder (in North America), and it resolves fine:

Non-authoritative answer:
Name:    live-namnorth.office365.com
Addresses:  40.97.169.162
          132.245.46.34
          132.245.22.146
          132.245.37.130
          40.96.7.114
          132.245.250.130
          132.245.71.178
          132.245.75.18
          132.245.59.114
          40.97.144.50
Aliases:  outlook.live.com
          edge-live.outlook.office.com
          outlook-live-com.a-0010.a-msedge.net
          ipv4.outlook.com
          outlook.live.com.glbdns2.microsoft.com


C:\Windows\System32>

Like your response, there are 5 CNAMEs and 10 A records.

So, I would say either something is wrong with your client build, or there's a 
middlebox somewhere that's messing with the packets, possibly because it 
doesn't how the TCP flavor of DNS works. Time to take a packet capture and see 
what's really going on.

                                                                                
                                                                                
                                                                                
                                - Kevin


From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Daniel 
Dawalibi
Sent: Friday, October 07, 2016 8:01 AM
To: bind-users@lists.isc.org
Subject: Unspecified error DNS query

Hello


We are getting "Unspecified error" when querying our DNS server (Query: 
outlook.live.com)  from  a PC communication with our DNS
We tried to perform the same query from the DNS itself (local host) and we 
found that the Dig output is showing with the following message "Truncated, 
retrying in TCP mode".
We also observed that the message size of the requested query 
"outlook.live.com" increased recently from MSG SIZE 221 to 770
Can you please help why we are getting this error (client side) and why the TCP 
mode is shown in the dig output since other queries do not show TCP mode in 
their output?

[root@DNS1 dan]# dig outlook.live.com
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> outlook.live.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45725
;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 7, ADDITIONAL: 11

;; QUESTION SECTION:
;outlook.live.com.              IN      A

;; ANSWER SECTION:
outlook.live.com.       881     IN      CNAME   edge-live.outlook.office.com.
edge-live.outlook.office.com. 280 IN    CNAME   
outlook-live-com.a-0010.a-msedge.net.
outlook-live-com.a-0010.a-msedge.net. 160 IN CNAME ipv4.outlook.com.
ipv4.outlook.com.       126     IN      CNAME   
outlook.live.com.glbdns2.microsoft.com.
outlook.live.com.glbdns2.microsoft.com. 280 IN CNAME 
live-emeaeast3.office365.com.
live-emeaeast3.office365.com. 294 IN    A       40.101.44.178
live-emeaeast3.office365.com. 294 IN    A       134.170.68.82
live-emeaeast3.office365.com. 294 IN    A       40.101.28.178
live-emeaeast3.office365.com. 294 IN    A       40.101.1.82
live-emeaeast3.office365.com. 294 IN    A       132.245.79.242
live-emeaeast3.office365.com. 294 IN    A       40.96.21.34
live-emeaeast3.office365.com. 294 IN    A       40.101.9.2
live-emeaeast3.office365.com. 294 IN    A       40.101.60.2
live-emeaeast3.office365.com. 294 IN    A       40.96.21.50
live-emeaeast3.office365.com. 294 IN    A       132.245.194.242

;; AUTHORITY SECTION:
office365.com.          170080  IN      NS      ns2.msft.net.
office365.com.          170080  IN      NS      ns1a.o365filtering.com.
office365.com.          170080  IN      NS      ns3.msft.net.
office365.com.          170080  IN      NS      ns1.msft.net.
office365.com.          170080  IN      NS      ns4a.o365filtering.com.
office365.com.          170080  IN      NS      ns4.msft.net.
office365.com.          170080  IN      NS      ns2a.o365filtering.com.

;; ADDITIONAL SECTION:
ns1.msft.net.           289     IN      A       208.84.0.53
ns2.msft.net.           170080  IN      A       208.84.2.53
ns3.msft.net.           289     IN      A       193.221.113.53
ns4.msft.net.           170080  IN      A       208.76.45.53
ns1a.o365filtering.com. 311     IN      A       157.56.110.11
ns2a.o365filtering.com. 311     IN      A       157.56.116.52
ns4a.o365filtering.com. 311     IN      A       157.55.133.11
ns1.msft.net.           289     IN      AAAA    2620:0:30::53
ns2.msft.net.           170080  IN      AAAA    2620:0:32::53
ns3.msft.net.           289     IN      AAAA    2620:0:34::53
ns4.msft.net.           170080  IN      AAAA    2620:0:37::53

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct  7 07:57:41 2016
;; MSG SIZE  rcvd: 770


Regards
Daniel

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Unspecified error DNS query

Reply via email to