info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Re: Event 5504 when using root hints on Server 2008 R2
1 view
Skip to first unread message
![Ace Fekay [MVP-DS, MCT]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
Ace Fekay [MVP-DS, MCT]
Jan 19, 2010, 11:15:10 PM1/19/10
to
"Jonathan de Boyne Pollard" <J.deBoynePoll...@NTLWorld.COM> wrote
in message news:IU.20100115....@J.de.Boyne.Pollard.localhost...
> I've been tempted, in recent months, to start a content DNS service
> "Hall of Shame", listing content DNS services that don't get the DNS
> protocol right, or that are woefully inadequate in their handling of the
> DNS protocol, to the extent of causing interoperability problems with
> widespread secure resolving proxy DNS servers that necessitate variances
> from the protocol. Lloyds TSB not including a question section in its
> responses to EDNS0 queries would be the third on such a list, after Google
> (whose content DNS servers erroneously stop halfway through constructing
> responses) and Amazon (whose content DNS servers in combination put CNAME
> resource records on a delegation point). I haven't done so, yet. But
> perhaps it would raise awareness of exactly how much bad protocol
> softwares like Microsoft's DNS server have to be coded to cope with, and
> the security tradeoffs that are forced as a result; and how flawed the DNS
> protocol itself really is.
>
>
> Here is another very well known ISP that has the same issue:
> Earthlink.net. When we attempt to send mail to one of their hosted
> customers, bronsoncos.com which uses Earthlink.net as it's ISP, you get
> the 5504 event ID on Windows 2008 R2.
>
> The resolving proxy DNS server that I used to test this before actually
> logs this problem thrice for the DNS lookups involved in sending mail.�
> This is because of the intermediate domain names:
>
>
> [C:\]dnsqry mx bronsoncos.com.|grep /b/u Answer:
> Answer: bronsoncos.com. IN MX 86066 10 store-forward.mspring.net.
> Answer: bronsoncos.com. IN MX 86066 5 mail.bronsoncos.com.
> Looking up both of the intermediate domain names mail.bronsoncos.com. and
> store-forward.mspring.net. results in A queries to the self-same content
> DNS servers that received the MX query.� All three queries will receive
> "bad format" responses with zero question section resource records.
>
>
> Perhaps you can add them to your list of companies that don't comply!
>
>
> You, too, want me to start that list, eh?� (-:
>
in message news:IU.20100115....@J.de.Boyne.Pollard.localhost...
> I've been tempted, in recent months, to start a content DNS service
> "Hall of Shame", listing content DNS services that don't get the DNS
> protocol right, or that are woefully inadequate in their handling of the
> DNS protocol, to the extent of causing interoperability problems with
> widespread secure resolving proxy DNS servers that necessitate variances
> from the protocol. Lloyds TSB not including a question section in its
> responses to EDNS0 queries would be the third on such a list, after Google
> (whose content DNS servers erroneously stop halfway through constructing
> responses) and Amazon (whose content DNS servers in combination put CNAME
> resource records on a delegation point). I haven't done so, yet. But
> perhaps it would raise awareness of exactly how much bad protocol
> softwares like Microsoft's DNS server have to be coded to cope with, and
> the security tradeoffs that are forced as a result; and how flawed the DNS
> protocol itself really is.
>
>
> Here is another very well known ISP that has the same issue:
> Earthlink.net. When we attempt to send mail to one of their hosted
> customers, bronsoncos.com which uses Earthlink.net as it's ISP, you get
> the 5504 event ID on Windows 2008 R2.
>
> The resolving proxy DNS server that I used to test this before actually
> logs this problem thrice for the DNS lookups involved in sending mail.�
> This is because of the intermediate domain names:
>
>
> [C:\]dnsqry mx bronsoncos.com.|grep /b/u Answer:
> Answer: bronsoncos.com. IN MX 86066 10 store-forward.mspring.net.
> Answer: bronsoncos.com. IN MX 86066 5 mail.bronsoncos.com.
> Looking up both of the intermediate domain names mail.bronsoncos.com. and
> store-forward.mspring.net. results in A queries to the self-same content
> DNS servers that received the MX query.� All three queries will receive
> "bad format" responses with zero question section resource records.
>
>
> Perhaps you can add them to your list of companies that don't comply!
>
>
> You, too, want me to start that list, eh?� (-:
>
I thought you already did?
Ace
0 new messages