looks like the authoritative nameservers cannot handle EDNS(0) queries
(standardized in 1999, rfc2671). While this is not a problem per see,
the FORMERR response is not according RFC. For more details see:
https://ednscomp.isc.org/ednscomp/17c95198e4#edns
Name resolution therefore relies on retries by the resolver until it
figured out how to talk to this authoritative nameserver.
I guess this could be the source of your problem as such retries are
error prone or can lead to timeouts.
If you are using BIND you can avoid this retries all together by using:
// avoid using EDNS(0) for the following nameservers
server 157.55.234.42 { edns false; };
server 157.56.112.42 { edns false; };
server 23.103.145.81 { edns false; };
server 157.56.112.42 { edns false; };
See BIND ARM manual for more information:
https://ftp.isc.org/isc/bind9/cur/9.11/doc/arm/Bv9ARM.ch06.html#server_statement_grammar
Note, EDNS workarounds are going to disappear. See:
https://ripe76.ripe.net/presentations/159-edns.pdf
Daniel, SWITCH
On 22.05.18 11:09, Ralf Zenklusen, BAR Informatik AG wrote:
> Hi,
>
> we see sporadic DNS resolver errors for A records of
> *.mail.protection.outlook.com
>
> Only a few per day vs many successful lookups.
>
>
>
> Anybody else seeing these?
>
>
>
>
>
>
>
> Kind regards
>
> Ralf
>
>
>
>
>
>
>
>
>
> *Ralf Zenklusen *
> Dipl. El. Ing. HTL
> Leiter Internet
>
>
>
>
>
>
> *BAR *Informatik AG
> Weidenweg 235
> 3902 Brig-Glis
> Tel +41 27 922 48 48
>
>
>
>
> www.barinformatik.ch
> www.rhone.ch
> [email protected]
>
>
>
>
>
>
> _______________________________________________
> swinog mailing list
> [email protected]
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>
_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
