nanog mailing list archives
Re: DNSSEC broken for login.microsoftonline.com
From: Bruce Curtis <bruce.curtis () ndsu edu>
Date: Tue, 27 Oct 2015 20:37:07 +0000
On Oct 27, 2015, at 12:35 PM, Tony Finch <dot () dotat at> wrote: Bruce Curtis <bruce.curtis () ndsu edu> wrote:FYI our DNS requests to resolve login.microsoftonline.com are failing because of a DNSSEC error.There's no DS record for microsoftonline.com so you shouldn't have any DNSSEC problems with it - my servers can resolve it OK. DNSvis doesn't show any problems. The only thing which might cause trouble is the SERVFAIL responses to DNSKEY queries flagged by the Verisign DNSSEC debugger.
DNSvis did list 4 errors earlier. 4 recursive DNS servers here still fail to resolve login.microsoftonline.com. I turned DNSSEC validation off on one and it then resolved correctly. dnssec-validation no; Thanks for the info. Our customers have reported that it does resolve at the Google public DNS servers also.
http://dnssec-debugger.verisignlabs.com/login.microsoftonline.comhttp://dnsviz.net/d/login.microsoftonline.com/dnssec/Tony. -- f.anthony.n.finch <dot () dotat at> http://dotat.at/ Fitzroy, Sole: Cyclonic, mainly southwesterly, 5 to 7, occasionally gale 8 in west Fitzroy. Very rough or high, becoming rough in Sole. Rain or thundery showers. Moderate or poor, occasionally good.
--- Bruce Curtis bruce.curtis () ndsu edu Certified NetAnalyst II 701-231-8527 North Dakota State University
Current thread:
- DNSSEC broken for login.microsoftonline.com Bruce Curtis (Oct 27)
- Re: DNSSEC broken for login.microsoftonline.com Tony Finch (Oct 27)
- Re: DNSSEC broken for login.microsoftonline.com Bruce Curtis (Oct 27)
- Re: DNSSEC broken for login.microsoftonline.com Bruce Curtis (Oct 27)
- Re: DNSSEC broken for login.microsoftonline.com Bruce Curtis (Oct 27)
- Re: DNSSEC broken for login.microsoftonline.com Tony Finch (Oct 28)
- Re: DNSSEC broken for login.microsoftonline.com Bruce Curtis (Oct 27)
- Re: DNSSEC broken for login.microsoftonline.com Avdija Ahmedhodžić (Oct 27)
- Re: DNSSEC broken for login.microsoftonline.com Bruce Curtis (Oct 27)
- Re: DNSSEC broken for login.microsoftonline.com Tony Finch (Oct 27)