Re: Getting a formerr 'invalid response' for winqual.microsoft.com. but dig +trace works.

I would have to back port right now, and I have a work around that will work until the we bump our fleet to a newer version. I was mostly concerned about whether it was something in our network causing the problem. Thanks for all the help guys, --Matt On Thu, Feb 9, 2012 at 4:42 PM, Spain, Dr. J

RE: Getting a formerr 'invalid response' for winqual.microsoft.com. but dig +trace works.

> It's because a few load balancer vendors don't read freely available > specifications but instead appear to reverse engineer the protocol and get it > wrong. > BIND 9.7.0 fixed a long standing of accepting glue promoted to answer by > parent nameservers. Once we did that there was no need to

Re: Getting a formerr 'invalid response' for winqual.microsoft.com. but dig +trace works.

In message , Matt Doughty writes: > It seems like multiple things are wrong, but I'm still trying to > understand what part of the breakage is causing Bind to throw out the > response with the formerr 'invalid response'. Is this broken for > everyone using bind 9.7 or later? I can just forward

Re: Getting a formerr 'invalid response' for winqual.microsoft.com. but dig +trace works.

It seems like multiple things are wrong, but I'm still trying to understand what part of the breakage is causing Bind to throw out the response with the formerr 'invalid response'. Is this broken for everyone using bind 9.7 or later? I can just forward this zone to HonestDNS, which happily serves

Re: Getting a formerr 'invalid response' for winqual.microsoft.com. but dig +trace works.

On 2/8/2012 10:32 PM, Matt Doughty wrote: I have spend the afternoon trying to figure this out. The response I get back from their nameserver looks fine to me, and dig +trace works fine, but a regular dig returns a servfail. I have looked at the code for invalid response, but I don't quite follow

Re: Getting a formerr 'invalid response' for winqual.microsoft.com. but dig +trace works.

Microsoft's servers are broken. "aa" should be set but it isn't. Mark ; <<>> DiG 9.7.3-P3 <<>> winqual.partners.extranet.microsoft.com @dns10.one.microsoft.com +norec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24074 ;; flags: qr ra; QUERY: 1, ANS

Getting a formerr 'invalid response' for winqual.microsoft.com. but dig +trace works.

I have spend the afternoon trying to figure this out. The response I get back from their nameserver looks fine to me, and dig +trace works fine, but a regular dig returns a servfail. I have looked at the code for invalid response, but I don't quite follow what is going on there, and the comment 're