DNS resolution worked fine in late March, but now some resolvers (my resolver on my LAN behind NAT, and my ISP RCN's resolver) have problems with hostnames in this zone, while others (e.g., Google's 8.8.8.8) do not.
These DNS queries are NOT whitewashed. You can query any hostname in the ".mail.eo.outlook.com" zone.
GOOGLE CAN RESOLVE IT . . .
$ dig anything.mail.eo.outlook.com @8.8.8.8
; <<>> DiG 9.8.3-P1 <<>> anything.mail.eo.outlook.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26750
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;anything.mail.eo.outlook.com. IN A
;; ANSWER SECTION:
anything.mail.eo.outlook.com. 10 IN A 213.199.154.87
anything.mail.eo.outlook.com. 10 IN A 213.199.154.23
;; Query time: 45 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Apr 4 12:32:01 2013
;; MSG SIZE rcvd: 78
While my resolver and RCN's cannot:
$ dig anything.mail.eo.outlook.com @192.168.42.108
; <<>> DiG 9.8.3-P1 <<>> anything.mail.eo.outlook.com @192.168.42.108
;; global options: +cmd
;; connection timed out; no servers could be reached
$ dig anything.mail.eo.outlook.com @97.107.142.193
; <<>> DiG 9.8.3-P1 <<>> anything.mail.eo.outlook.com @97.107.142.193
;; global options: +cmd
;; connection timed out; no servers could be reached
The resolvers do function correctly on other zones:
$ dig +short www.google.com @192.168.42.108
74.125.131.105
74.125.131.106
74.125.131.147
74.125.131.99
74.125.131.103
74.125.131.104
$ dig +short www.amizon.com @192.168.42.108
rewrite.amazon.com.
72.21.210.29
$ dig +short www.google.com @97.107.142.193
74.125.228.49
74.125.228.50
74.125.228.51
74.125.228.52
74.125.228.48
$ dig +short www.amizon.com @97.107.142.193
rewrite.amazon.com.
207.171.166.22
IF I DIG STEP BY STEP . . .
Who is auth for outlook.com? Let's ask 192.35.51.30 (that's f.gtld-servers.net ).
$ dig ns outlook.com @192.35.51.30
; <<>> DiG 9.8.3-P1 <<>> ns outlook.com @192.35.51.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11775
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 10
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;outlook.com. IN NS
;; AUTHORITY SECTION:
outlook.com. 172800 IN NS nse1.msft.net.
outlook.com. 172800 IN NS nse5.msft.net.
outlook.com. 172800 IN NS nse2.msft.net.
outlook.com. 172800 IN NS nse3.msft.net.
outlook.com. 172800 IN NS nse4.msft.net.
;; ADDITIONAL SECTION:
nse1.msft.net. 172800 IN AAAA 2a01:111:2005::1:1
nse1.msft.net. 172800 IN A 65.55.37.62
nse5.msft.net. 172800 IN AAAA 2a01:111:200f:1::1:1
nse5.msft.net. 172800 IN A 65.55.226.140
nse2.msft.net. 172800 IN AAAA 2a01:111:2006:6::1:1
nse2.msft.net. 172800 IN A 64.4.59.173
nse3.msft.net. 172800 IN A 213.199.180.53
nse3.msft.net. 172800 IN AAAA 2a01:111:2020::1:1
nse4.msft.net. 172800 IN A 207.46.75.254
nse4.msft.net. 172800 IN AAAA 2404:f800:2003::1:1
;; Query time: 97 msec
;; SERVER: 192.35.51.30#53(192.35.51.30)
;; WHEN: Thu Apr 4 13:57:45 2013
;; MSG SIZE rcvd: 352
Ask one of those nameservers for an answer...
$ dig soa anything.mail.eo.outlook.com @65.55.37.62
; <<>> DiG 9.8.3-P1 <<>> soa anything.mail.eo.outlook.com @65.55.37.62
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19950
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;anything.mail.eo.outlook.com. IN SOA
;; AUTHORITY SECTION:
mail.eo.outlook.com. 7200 IN NS ns2-prodeodns.glbdns.o365filtering.com.
mail.eo.outlook.com. 7200 IN NS ns1-prodeodns.glbdns.o365filtering.com.
;; Query time: 95 msec
;; SERVER: 65.55.37.62#53(65.55.37.62)
;; WHEN: Thu Apr 4 14:36:33 2013
;; MSG SIZE rcvd: 142
So the zone is delegated, let's look up the IP of the delegated NS...
$ dig +short ns1-prodeodns.glbdns.o365filtering.com
65.55.169.42
207.46.100.42
And then ask them both...
$ dig anything.mail.eo.outlook.com @65.55.169.42
; <<>> DiG 9.8.3-P1 <<>> anything.mail.eo.outlook.com @65.55.169.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33481
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;anything.mail.eo.outlook.com. IN A
;; ANSWER SECTION:
anything.mail.eo.outlook.com. 10 IN A 213.199.154.87
anything.mail.eo.outlook.com. 10 IN A 213.199.154.23
;; Query time: 55 msec
;; SERVER: 65.55.169.42#53(65.55.169.42)
;; WHEN: Thu Apr 4 14:38:21 2013
;; MSG SIZE rcvd: 134
$ dig anything.mail.eo.outlook.com @207.46.100.42
; <<>> DiG 9.8.3-P1 <<>> anything.mail.eo.outlook.com @207.46.100.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36656
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;anything.mail.eo.outlook.com. IN A
;; ANSWER SECTION:
anything.mail.eo.outlook.com. 10 IN A 213.199.154.87
anything.mail.eo.outlook.com. 10 IN A 213.199.154.23
;; Query time: 91 msec
;; SERVER: 207.46.100.42#53(207.46.100.42)
;; WHEN: Thu Apr 4 14:38:31 2013
;; MSG SIZE rcvd: 134
I removed the following line from my named.conf file and the request is now working.
query-source address * port 53;
The following was forwarded to me from someone I reached out to...
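Added example (not part of the original post, nor the forwarded message mentioned above): a small checker that finds `query-source` / `query-source-v6` statements pinning the outgoing port, as the removed `query-source address * port 53;` line did. A pinned port also disables the source-port randomization resolvers rely on against cache poisoning, so it is worth auditing for; the sample configuration and function names here are constructed for illustration.

```python
import re

# Constructed sample named.conf fragment (not from the original post).
SAMPLE_CONF = """\
options {
    directory "/var/named";
    // query-source address * port 53;   (commented out, must be ignored)
    query-source address * port 53;
    query-source-v6 address * port *;
    /* query-source port 5353; */
    recursion yes;
};
"""

# named.conf accepts C (/* */), C++ (//) and shell (#) style comments.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# A query-source statement runs up to its terminating semicolon.
STATEMENT = re.compile(r"\b(query-source(?:-v6)?)\b([^;{}]*);")
PORT = re.compile(r"\bport\s+(\S+)")


def strip_comments(text):
    """Blank out comments but keep newlines so line numbers stay correct."""
    return COMMENTS.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), text)


def find_fixed_query_ports(conf_text):
    """Return (line, statement, port) for each query-source that pins a port."""
    clean = strip_comments(conf_text)
    findings = []
    for m in STATEMENT.finditer(clean):
        port = PORT.search(m.group(2))
        # "port *" (or no port clause) leaves the source port randomized.
        if port and port.group(1) != "*":
            line = clean.count("\n", 0, m.start()) + 1
            stmt = " ".join(m.group().split())
            findings.append((line, stmt, int(port.group(1))))
    return findings


if __name__ == "__main__":
    for line, stmt, port in find_fixed_query_ports(SAMPLE_CONF):
        print(f"line {line}: '{stmt}' pins outgoing queries to source port {port}")
```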