I have forwarded this to my contacts at Microsoft. On Tue, Sep 11, 2018 at 12:06 AM Mark Andrews <ma...@isc.org> wrote:
> While we are talking about DNS server that are broken, Microsoft your > servers are as well. As none > of the zones you serve are DNSSEC signed there isn’t as much breakage > possible but there are still > interoperability problems and unnecessary additional traffic. It’s not > like the EDNS specification > is complicated. > > The microsoftonline servers will cause DNSSEC validation to fail if they > ever serve a DNSSEC signed > zone in this state. The FORMERR will cause EDNS servers to fallback to > plain DNS and the validators > won’t get the records they need. > > The azure servers cause problems for anyone deploying a new EDNS options > as they have to cope with > your servers incorrectly echoing back the option. Additionally if EDNS(1) > is ever deployed there is > a good chance that resolvers will assume the broken answers indicate that > there is no data at the > name. > > Mark > > cityofharrison-mi.gov. @207.46.15.59 (ns1.bdm.microsoftonline.com.): > dns=ok edns=ok edns1=ok edns@512=ok ednsopt=formerr,echoed > edns1opt=formerr,version-not-zero,echoed do=ok ednsflags=ok > optlist=formerr,subnet signed=ok ednstcp=ok > cityofharrison-mi.gov. @2a01:111:f406:1804::59 ( > ns1.bdm.microsoftonline.com.): dns=ok edns=ok edns1=ok edns@512=ok > ednsopt=formerr,echoed edns1opt=formerr,version-not-zero,echoed do=ok > ednsflags=ok optlist=formerr,subnet signed=ok ednstcp=ok > cityofharrison-mi.gov. @191.232.83.138 (ns3.bdm.microsoftonline.com.): > dns=ok edns=ok edns1=ok edns@512=ok ednsopt=formerr,echoed > edns1opt=formerr,version-not-zero,echoed do=ok ednsflags=ok > optlist=formerr,subnet signed=ok ednstcp=ok > cityofharrison-mi.gov. @2a01:111:f406:b400::22 ( > ns3.bdm.microsoftonline.com.): dns=ok edns=ok edns1=ok edns@512=ok > ednsopt=formerr,echoed edns1opt=formerr,version-not-zero,echoed do=ok > ednsflags=ok optlist=formerr,subnet signed=ok ednstcp=ok > cityofharrison-mi.gov. @157.56.81.41 (ns2.bdm.microsoftonline.com.): > dns=ok edns=ok edns1=ok edns@512=ok ednsopt=formerr,echoed > edns1opt=formerr,version-not-zero,echoed do=ok ednsflags=ok > optlist=formerr,subnet signed=ok ednstcp=ok > cityofharrison-mi.gov. @2a01:111:f406:3403::41 ( > ns2.bdm.microsoftonline.com.): dns=ok edns=ok edns1=ok edns@512=ok > ednsopt=formerr,echoed edns1opt=formerr,version-not-zero,echoed do=ok > ednsflags=ok optlist=formerr,subnet signed=ok ednstcp=ok > > clintoncounty-ia.gov. @13.107.24.7 (ns3-07.azure-dns.org.): dns=ok > edns=ok edns1=noerror,badversion edns@512=ok ednsopt=echoed > edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok > ednstcp=ok > clintoncounty-ia.gov. @2a01:111:4000::7 (ns3-07.azure-dns.org.): dns=ok > edns=ok edns1=noerror,badversion edns@512=ok ednsopt=echoed > edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok > ednstcp=ok > clintoncounty-ia.gov. @13.107.160.7 (ns4-07.azure-dns.info.): dns=ok > edns=ok edns1=noerror,badversion edns@512=ok ednsopt=echoed > edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok > ednstcp=ok > clintoncounty-ia.gov. @2620:1ec:bda::7 (ns4-07.azure-dns.info.): dns=ok > edns=ok edns1=noerror,badversion edns@512=ok ednsopt=echoed > edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok > ednstcp=ok > clintoncounty-ia.gov. @64.4.48.7 (ns2-07.azure-dns.net.): dns=ok edns=ok > edns1=noerror,badversion edns@512=ok ednsopt=echoed > edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok > ednstcp=ok > clintoncounty-ia.gov. @2620:1ec:8ec::7 (ns2-07.azure-dns.net.): dns=ok > edns=ok edns1=noerror,badversion edns@512=ok ednsopt=echoed > edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok > ednstcp=ok > clintoncounty-ia.gov. @40.90.4.7 (ns1-07.azure-dns.com.): dns=ok edns=ok > edns1=noerror,badversion edns@512=ok ednsopt=echoed > edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok > ednstcp=ok > clintoncounty-ia.gov. @2603:1061::7 (ns1-07.azure-dns.com.): dns=ok > edns=ok edns1=noerror,badversion edns@512=ok ednsopt=echoed > edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok > ednstcp=ok > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > <https://maps.google.com/?q=1+Seymour+St.,+Dundas+Valley,+NSW+2117,+Australia&entry=gmail&source=g> > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > > -- Mehmet +1-424-298-1903
