DNSSEC broken for login.microsoftonline.com

• Previous message (by thread): DNSSEC broken for login.microsoftonline.com
• Next message (by thread): DNSSEC broken for login.microsoftonline.com
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Oct 27, 2015, at 12:35 PM, Tony Finch <dot at dotat.at> wrote:
> 
> Bruce Curtis <bruce.curtis at ndsu.edu> wrote:
>> 
>> FYI our DNS requests to resolve login.microsoftonline.com are failing
>> because of a DNSSEC error.
> 
> There's no DS record for microsoftonline.com so you shouldn't have any
> DNSSEC problems with it - my servers can resolve it OK. DNSvis doesn't
> show any problems. The only thing which might cause trouble is the
> SERVFAIL responses to DNSKEY queries flagged by the Verisign DNSSEC
> debugger.


  DNSvis did list 4 errors earlier.  

  4 recursive DNS servers here still fail to resolve login.microsoftonline.com.

  I turned DNSSEC validation off on one and it then resolved correctly.

	dnssec-validation no;

  Thanks for the info.  Our customers have reported that it does resolve at the Google public DNS servers also.

> http://dnssec-debugger.verisignlabs.com/login.microsoftonline.com
>> 
>> http://dnsviz.net/d/login.microsoftonline.com/dnssec/
> 
> Tony.
> -- 
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> Fitzroy, Sole: Cyclonic, mainly southwesterly, 5 to 7, occasionally gale 8 in
> west Fitzroy. Very rough or high, becoming rough in Sole. Rain or thundery
> showers. Moderate or poor, occasionally good.

---
Bruce Curtis                         bruce.curtis at ndsu.edu
Certified NetAnalyst II                701-231-8527
North Dakota State University        

• Previous message (by thread): DNSSEC broken for login.microsoftonline.com
• Next message (by thread): DNSSEC broken for login.microsoftonline.com
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]