I just disabled DNSSEC validation on all of our resolvers and that appears to have fixed the problem for us.
I’m far from a DNSSEC expert but I think the issue is with the entire 65.in-addr.arpa zone. I can reproduce the issue on any PTR record inside of 65.0.0.0/8. -Tony -----Original Message----- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Peddemors Sent: Monday, March 7, 2016 5:35 PM To: mailop@mailop.org Subject: Re: [mailop] Google DNS Servers not returning results for Hotmail today? michael@mistress:~$ host 65.55.90.110 110.90.55.65.in-addr.arpa domain name pointer snt004-omc2s35.hotmail.com. michael@mistress:~$ host 65.55.90.110 8.8.8.8 Using domain server: Name: 8.8.8.8 Address: 8.8.8.8#53 Aliases: Host 110.90.55.65.in-addr.arpa not found: 2(SERVFAIL) On 16-03-07 02:14 PM, Michael Wise wrote: > Hotmail doesn't publish any DNSSEC records. > > Neither does Microsoft.com, etc.... > > As for the rDNS, this is from my home server: > > $ host 65.55.169.87 > > 87.169.55.65.in-addr.arpa domain name pointer > mail-bl2on0087.outbound.protection.outlook.com. > > Aloha, > > Michael. > > -- > > Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has > Been Processed." | Got the Junk Mail Reporting Tool ? > > -----Original Message----- > From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tony Bunce > Sent: Monday, March 7, 2016 1:56 PM > To: Michael Peddemors <mich...@linuxmagic.com>; mailop <mailop@mailop.org> > Subject: Re: [mailop] Google DNS Servers not returning results for > Hotmail today? > > We are seeing similar issues on Office 365 mail. > > We are getting SERVFAIL on reverse DNS lookups, both using our resolvers > as well as testing against Google. > > It looks DNSSEC related: > > https://na01.safelinks.protection.outlook.com/?url=87.169.55.65.in-addr.arpa&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=orZOsyfUwl8QutwjS33FHJ1lGr%2fkG2mP9D7cPpXW2F8%3d > PTR: bad cache hit > (https://na01.safelinks.protection.outlook.com/?url=55.65.in-addr.arpa%2fDS&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=zLpvVVaYnzIbpAu%2fJHl6qPl0e%2fGhRiOBqfY9J1waEoY%3d) > > With checks disabled the query works: > > dig -x 65.55.169.63 +cd > > This looks like something is not right: > > https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fdnsviz.net%2fd%2f55.65.in-addr.arpa%2fdnssec%2f&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=d3aCKTnyI0a1w6CjpyIfs2S1o49kxgBa1cULgt5ViAM%3d > > -Tony > > -----Original Message----- > > From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael > Peddemors > > Sent: Monday, March 7, 2016 4:29 PM > > To: mailop <mailop@mailop.org <mailto:mailop@mailop.org>> > > Subject: [mailop] Google DNS Servers not returning results for Hotmail > today? > > Had several reports of DNS oddities from the Google DNS servers, from > > customers/clients who use them as the default. > > Are they in the middle of a move/change? > > _______________________________________________ > > mailop mailing list > > mailop@mailop.org <mailto:mailop@mailop.org> > > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop%0a&data=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=TOT%2fu4LSpF0EsgiWOCr5HQAWkkjjWVjhnaTglzYtMTA%3d > > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > -- "Catch the Magic of Linux..." ------------------------------------------------------------------------ Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic ------------------------------------------------------------------------ A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. ------------------------------------------------------------------------ 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
