DNSSEC broken for login.microsoftonline.com

Tony Finch dot at dotat.at
Tue Oct 27 17:35:23 UTC 2015

Bruce Curtis <bruce.curtis at ndsu.edu> wrote:
> FYI our DNS requests to resolve login.microsoftonline.com are failing
> because of a DNSSEC error.

There's no DS record for microsoftonline.com so you shouldn't have any
DNSSEC problems with it - my servers can resolve it OK. DNSvis doesn't
show any problems. The only thing which might cause trouble is the
SERVFAIL responses to DNSKEY queries flagged by the Verisign DNSSEC

> http://dnssec-debugger.verisignlabs.com/login.microsoftonline.com
> http://dnsviz.net/d/login.microsoftonline.com/dnssec/

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Fitzroy, Sole: Cyclonic, mainly southwesterly, 5 to 7, occasionally gale 8 in
west Fitzroy. Very rough or high, becoming rough in Sole. Rain or thundery
showers. Moderate or poor, occasionally good.

More information about the NANOG mailing list