ns1-proddns.glbdns.o365filtering.com unreachable?
Peter van Dijk
peter.van.dijk at powerdns.com
Wed Jul 6 10:15:31 UTC 2022
On Wed, 2022-07-06 at 11:49 +0200, Stephane Bortzmeyer wrote:
> On Wed, Jul 06, 2022 at 11:37:40AM +0200,
> Bjoern Franke via NANOG <nanog at nanog.org> wrote
> a message of 10 lines which said:
>
> > <tenant>.mail.protection.outlook.com seems to throw servfails.
>
> The authoritative name servers for this domain do not handle EDNS
> (which was specified only 23 years ago) so the resolvers that do not
> fallback on EDNS (probably the majority) return a SERVFAIL.
While it is true that their auths do not handle EDNS, they cover that
by responding with FORMERR without an EDNS section. All resolvers
should in fact fall back.
>From what I can tell, the real problem is that these servers barely
respond at all - so little that it's easy to conclude that EDNS is the
reason, but without EDNS responses are just as sporadic.
So, in short, they have a DNS responding problem; their bad handling of
EDNS makes that worse, because now a resolver needs to get two queries
(one with EDNS, then one without) through to them before resolving
something - and then it is rewarded with a 10 second TTL!
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
More information about the NANOG
mailing list