Microsoft your DNS servers are broken

• Previous message (by thread): Microsoft your DNS servers are broken
• Next message (by thread): SAFNOG-4/EANOG/tzNOG - Just Under 2 Weeks To Go!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have forwarded this to my contacts at Microsoft.

On Tue, Sep 11, 2018 at 12:06 AM Mark Andrews <marka at isc.org> wrote:

> While we are talking about DNS server that are broken, Microsoft your
> servers are as well.  As none
> of the zones you serve are DNSSEC signed there isn’t as much breakage
> possible but there are still
> interoperability problems and unnecessary additional traffic.  It’s not
> like the EDNS specification
> is complicated.
>
> The microsoftonline servers will cause DNSSEC validation to fail if they
> ever serve a DNSSEC signed
> zone in this state.  The FORMERR will cause EDNS servers to fallback to
> plain DNS and the validators
> won’t get the records they need.
>
> The azure servers cause problems for anyone deploying a new EDNS options
> as they have to cope with
> your servers incorrectly echoing back the option.  Additionally if EDNS(1)
> is ever deployed there is
> a good chance that resolvers will assume the broken answers indicate that
> there is no data at the
> name.
>
> Mark
>
> cityofharrison-mi.gov. @207.46.15.59 (ns1.bdm.microsoftonline.com.):
> dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=formerr,echoed
> edns1opt=formerr,version-not-zero,echoed do=ok ednsflags=ok
> optlist=formerr,subnet signed=ok ednstcp=ok
> cityofharrison-mi.gov. @2a01:111:f406:1804::59 (
> ns1.bdm.microsoftonline.com.): dns=ok edns=ok edns1=ok edns at 512=ok
> ednsopt=formerr,echoed edns1opt=formerr,version-not-zero,echoed do=ok
> ednsflags=ok optlist=formerr,subnet signed=ok ednstcp=ok
> cityofharrison-mi.gov. @191.232.83.138 (ns3.bdm.microsoftonline.com.):
> dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=formerr,echoed
> edns1opt=formerr,version-not-zero,echoed do=ok ednsflags=ok
> optlist=formerr,subnet signed=ok ednstcp=ok
> cityofharrison-mi.gov. @2a01:111:f406:b400::22 (
> ns3.bdm.microsoftonline.com.): dns=ok edns=ok edns1=ok edns at 512=ok
> ednsopt=formerr,echoed edns1opt=formerr,version-not-zero,echoed do=ok
> ednsflags=ok optlist=formerr,subnet signed=ok ednstcp=ok
> cityofharrison-mi.gov. @157.56.81.41 (ns2.bdm.microsoftonline.com.):
> dns=ok edns=ok edns1=ok edns at 512=ok ednsopt=formerr,echoed
> edns1opt=formerr,version-not-zero,echoed do=ok ednsflags=ok
> optlist=formerr,subnet signed=ok ednstcp=ok
> cityofharrison-mi.gov. @2a01:111:f406:3403::41 (
> ns2.bdm.microsoftonline.com.): dns=ok edns=ok edns1=ok edns at 512=ok
> ednsopt=formerr,echoed edns1opt=formerr,version-not-zero,echoed do=ok
> ednsflags=ok optlist=formerr,subnet signed=ok ednstcp=ok
>
> clintoncounty-ia.gov. @13.107.24.7 (ns3-07.azure-dns.org.): dns=ok
> edns=ok edns1=noerror,badversion edns at 512=ok ednsopt=echoed
> edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok
> ednstcp=ok
> clintoncounty-ia.gov. @2a01:111:4000::7 (ns3-07.azure-dns.org.): dns=ok
> edns=ok edns1=noerror,badversion edns at 512=ok ednsopt=echoed
> edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok
> ednstcp=ok
> clintoncounty-ia.gov. @13.107.160.7 (ns4-07.azure-dns.info.): dns=ok
> edns=ok edns1=noerror,badversion edns at 512=ok ednsopt=echoed
> edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok
> ednstcp=ok
> clintoncounty-ia.gov. @2620:1ec:bda::7 (ns4-07.azure-dns.info.): dns=ok
> edns=ok edns1=noerror,badversion edns at 512=ok ednsopt=echoed
> edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok
> ednstcp=ok
> clintoncounty-ia.gov. @64.4.48.7 (ns2-07.azure-dns.net.): dns=ok edns=ok
> edns1=noerror,badversion edns at 512=ok ednsopt=echoed
> edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok
> ednstcp=ok
> clintoncounty-ia.gov. @2620:1ec:8ec::7 (ns2-07.azure-dns.net.): dns=ok
> edns=ok edns1=noerror,badversion edns at 512=ok ednsopt=echoed
> edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok
> ednstcp=ok
> clintoncounty-ia.gov. @40.90.4.7 (ns1-07.azure-dns.com.): dns=ok edns=ok
> edns1=noerror,badversion edns at 512=ok ednsopt=echoed
> edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok
> ednstcp=ok
> clintoncounty-ia.gov. @2603:1061::7 (ns1-07.azure-dns.com.): dns=ok
> edns=ok edns1=noerror,badversion edns at 512=ok ednsopt=echoed
> edns1opt=noerror,badversion do=ok ednsflags=ok optlist=ok,subnet signed=ok
> ednstcp=ok
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> <https://maps.google.com/?q=1+Seymour+St.,+Dundas+Valley,+NSW+2117,+Australia&entry=gmail&source=g>
> PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
>
> --
Mehmet
+1-424-298-1903
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180911/9d0a10bf/attachment.html>

• Previous message (by thread): Microsoft your DNS servers are broken
• Next message (by thread): SAFNOG-4/EANOG/tzNOG - Just Under 2 Weeks To Go!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]