In article ,
Barry Margolin wrote:
> In article ,
> Sam Wilson wrote:
>
> > For a NXDOMAIN response, or NOERROR with an empty answer section, the
> > server should provide the SOA record in the authority section. That SOA
> > is the apex of the zone which doesn't contain the answer record
In article ,
Sam Wilson wrote:
> For a NXDOMAIN response, or NOERROR with an empty answer section, the
> server should provide the SOA record in the authority section. That SOA
> is the apex of the zone which doesn't contain the answer record you
> asked for, if you see what I mean. The ser
In article ,
Gabriele Paggi wrote:
> Hello Sam,
>
> > There's some kind of delegation bug as well. If I query
> > dns1[0-3].one.microsoft.com for SOA and NS for
> > partners.extranet.microsoft.com you get sensible answers though the
> > origin host is different for each server queried and thos
Hello Sam,
> There's some kind of delegation bug as well. If I query
> dns1[0-3].one.microsoft.com for SOA and NS for
> partners.extranet.microsoft.com you get sensible answers though the
> origin host is different for each server queried and those origins are
> privately addressed.
Which kind o
In article ,
Tony Finch wrote:
> It looks to me like this is an EDNS bug. ...
There's some kind of delegation bug as well. If I query
dns1[0-3].one.microsoft.com for SOA and NS for
partners.extranet.microsoft.com you get sensible answers though the
origin host is different for each server q
Carsten Strotmann (private) wrote:
>
> The FORMERR I'm seeing is also quite odd, as it has the "AD" flag set,
> which should normally not appear in an error type of response, but
> might be caused by a mangled DNS packet:
I think it is echoing the AD bit in the query.
; <<>> DiG 9.9.1-P1 <<>> +
It looks to me like this is an EDNS bug. I am querying the authoritative
server directly, with no firewalls in the way. The FORMERR is coming from
the authoritative server not from BIND. I get the same result over IPv4
and IPv6.
They also have a bug in their NXDOMAIN logic: extranet.microsoft.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
On 6/24/12 10:07 AM, Carsten Strotmann (private) wrote:
> It might even be a new Windows 2012 DNS server, and it might be an
> issue with this new version. This is just speculation, but if it is
> an issue with Windows 2012 DNS, it might be g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Jeffry,
On 6/22/12 1:25 PM, Spain, Dr. Jeffry A. wrote:
> From what I observed I would conclude that dns11.one.microsoft.com
> is a Windows DNS server since it behaves like mine except for the
> AA flag not being set in theirs.
It might even be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Gabriele,
On 6/24/12 5:57 AM, Gabriele Paggi wrote:
> Hello Carsten,
>
> Thanks for your reply!
>> about the FORMERR. This might be caused by a Firewall or other
>> middlebox that truncates the large answer containing the NS
>> record set for
Hello Jeffry,
FWIW I'm not able to reproduce this using a BIND 9.9.1-P1 recursive resolver. On this system "dig @localhost vlasext.partners.extranet.microsoft.com a" returns the answer 70.42.230.20 and identifies dns11.one.microsoft.com (94.245.124.49) as one of four authoritative servers. "dig @
Hello Carsten,
At Men& Mice I've investigated this issue a few weeks ago for one of
our customers. At that point of time, we've seen NS records with
private addresses:
That's interesting but it still doesn't explain why BIND reports a
format error in the reply it receives.
The reply is nonsens
Hello Carsten,
Thanks for your reply!
about the FORMERR. This might be caused by a Firewall or other
middlebox that truncates the large answer containing the NS record set
for this domain.
I see the same if I try to fetch the delegation NS records from the
parent domain (microsoft.com) for part
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Gabriele,
On 6/22/12 11:22 AM, Gabriele Paggi wrote:
> I'm a BIND novice and I'm trying to understand what causes my
> BIND9 resolver (bind97-9.7.0-10.P2) to return an error when queried
> for the A record of vlasext.partners.extranet.microsoft
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Gabriele,
On 6/22/12 11:22 AM, Gabriele Paggi wrote:
> I'm a BIND novice and I'm trying to understand what causes my
> BIND9 resolver (bind97-9.7.0-10.P2) to return an error when queried
> for the A record of vlasext.partners.extranet.microsoft.
> I'm a BIND novice and I'm trying to understand what causes my BIND9 resolver
> (bind97-9.7.0-10.P2) to return an error when queried for the A record of
> vlasext.partners.extranet.microsoft.com:
FWIW I'm not able to reproduce this using a BIND 9.9.1-P1 recursive resolver.
On this system "dig
Hello,
I'm a BIND novice and I'm trying to understand what causes my BIND9
resolver (bind97-9.7.0-10.P2) to return an error when queried for the
A record of vlasext.partners.extranet.microsoft.com:
Jun 22 11:14:47 res1 named[32210]: DNS format error from
94.245.124.49#53 resolving vlasext.partner
17 matches
Mail list logo
