DNSSEC broken for login.microsoftonline.com
Bruce Curtis
bruce.curtis at ndsu.edu
Tue Oct 27 20:37:07 UTC 2015
> On Oct 27, 2015, at 12:35 PM, Tony Finch <dot at dotat.at> wrote:
>
> Bruce Curtis <bruce.curtis at ndsu.edu> wrote:
>>
>> FYI our DNS requests to resolve login.microsoftonline.com are failing
>> because of a DNSSEC error.
>
> There's no DS record for microsoftonline.com so you shouldn't have any
> DNSSEC problems with it - my servers can resolve it OK. DNSvis doesn't
> show any problems. The only thing which might cause trouble is the
> SERVFAIL responses to DNSKEY queries flagged by the Verisign DNSSEC
> debugger.
DNSvis did list 4 errors earlier.
4 recursive DNS servers here still fail to resolve login.microsoftonline.com.
I turned DNSSEC validation off on one and it then resolved correctly.
dnssec-validation no;
Thanks for the info. Our customers have reported that it does resolve at the Google public DNS servers also.
> http://dnssec-debugger.verisignlabs.com/login.microsoftonline.com
>>
>> http://dnsviz.net/d/login.microsoftonline.com/dnssec/
>
> Tony.
> --
> f.anthony.n.finch <dot at dotat.at> http://dotat.at/
> Fitzroy, Sole: Cyclonic, mainly southwesterly, 5 to 7, occasionally gale 8 in
> west Fitzroy. Very rough or high, becoming rough in Sole. Rain or thundery
> showers. Moderate or poor, occasionally good.
---
Bruce Curtis bruce.curtis at ndsu.edu
Certified NetAnalyst II 701-231-8527
North Dakota State University
More information about the NANOG
mailing list