nslookup -q=any is failing

hello,

i am trying to determine why when i perform an nslookup -q=any
spaces.live.com fails. I currently use bind 9.+.+ and i have it set to
simply query directly from the root.hint servers. i have the latest version
of the hint list. if i configure the named server to use forwarders (my
ISP's name servers for example), then i get the response

Non-authoritative answer:
spaces.live.com nameserver = nss1.dns.msft.net.
spaces.live.com nameserver = nss2.dns.msft.net.
Name: spaces.live.com
Address: 65.54.153.237

Authoritative answers can be found from:
spaces.live.com nameserver = nss2.dns.msft.net.
spaces.live.com nameserver = nss1.dns.msft.net.
nss1.dns.msft.net internet address = 207.46.121.126
nss2.dns.msft.net internet address = 207.68.161.30

if i dont forward the request and simply try to obtain it directly i get **
server can't find spaces.live.com: SERVFAIL. however if i querey a specific
record, say an MX record, i.e.

nslookup -q=MX spaces.live.com

then i do get a response by going directly

Non-authoritative answer:
spaces.live.com mail exchanger = 10 mail.services.spaces.live.com.

Authoritative answers can be found from:
mail.services.spaces.live.com internet address = 65.54.145.125

why is this as it is?

cheers
moth

rancid moth wrote:
> hello,
>
> i am trying to determine why when i perform an nslookup -q=any
> spaces.live.com fails. I currently use bind 9.+.+ and i have it set to
> simply query directly from the root.hint servers. i have the latest version
> of the hint list. if i configure the named server to use forwarders (my
> ISP's name servers for example), then i get the response
>
> Non-authoritative answer:
> spaces.live.com nameserver = nss1.dns.msft.net.
> spaces.live.com nameserver = nss2.dns.msft.net.
> Name: spaces.live.com
> Address: 65.54.153.237
>
> Authoritative answers can be found from:
> spaces.live.com nameserver = nss2.dns.msft.net.
> spaces.live.com nameserver = nss1.dns.msft.net.
> nss1.dns.msft.net internet address = 207.46.121.126
> nss2.dns.msft.net internet address = 207.68.161.30
>
> if i dont forward the request and simply try to obtain it directly i get **
> server can't find spaces.live.com: SERVFAIL. however if i querey a specific
> record, say an MX record, i.e.
>
> nslookup -q=MX spaces.live.com
>
> then i do get a response by going directly
>
> Non-authoritative answer:
> spaces.live.com mail exchanger = 10 mail.services.spaces.live.com.
>
> Authoritative answers can be found from:
> mail.services.spaces.live.com internet address = 65.54.145.125
>
> why is this as it is?
>
> cheers
> moth

I've heard that nslookup is flawed. See
http://veggiechinese.net./nslookup_sucks.txt

Try the 'host' command and see if you have the same problem. If yes,
then post your zone file.

Perhaps concern over amplification attacks using the any query has
caused people to disable them?

rick jones
--
portable adj, code that compiles under more than one compiler
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

> I've heard that nslookup is flawed. See
> http://veggiechinese.net./nslookup_sucks.txt
>
> Try the 'host' command and see if you have the same problem. If yes,
> then post your zone file.
nslookup or dig gives the same results. host gives the same result.

which zone file?

possibly - but how can we explain why my ISP will come back with correct
answers using the any switch


"Rick Jones" <(E-Mail Removed)> wrote in message
news:6VOBg.1676$(E-Mail Removed)...
> Perhaps concern over amplification attacks using the any query has
> caused people to disable them?
>
> rick jones
> --
> portable adj, code that compiles under more than one compiler
> these opinions are mine, all mine; HP might not want them anyway...
> feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

rancid moth <(E-Mail Removed)> wrote:
> possibly - but how can we explain why my ISP will come back with
> correct answers using the any switch

Perhaps the IP's of your ISP's nameservers are whitelisted. Perhaps
they get the data via queries other than any but are still configured
to allow an "any" query. ISTR something about recursing servers
simply responding to an any query with what they had on hand.

rick jones
--
Process shall set you free from the need for rational thought.
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

done some more on this issue: found that using eiether BIND 9+ or windows
DNS produces servefail for the spaces.live.com address (any queries) when
going direct. moved to dnscache i.e. djbdns, and this successfully produces
any queries on the domain. while they always recommend that qmail uses
djbdns, i have been using BIND for years without issues (with the CNAME
buffer patch on qmail). this is the first case where emails were failing to
send because any queries were failing for a domain. have now switched to
djbdns. id still like to hunt down the exact cause - its possibly a config
error.


"Rick Jones" <(E-Mail Removed)> wrote in message
news:fa4Cg.1712$(E-Mail Removed)...
> rancid moth <(E-Mail Removed)> wrote:
>> possibly - but how can we explain why my ISP will come back with
>> correct answers using the any switch
>
> Perhaps the IP's of your ISP's nameservers are whitelisted. Perhaps
> they get the data via queries other than any but are still configured
> to allow an "any" query. ISTR something about recursing servers
> simply responding to an any query with what they had on hand.
>
> rick jones
> --
> Process shall set you free from the need for rational thought.
> these opinions are mine, all mine; HP might not want them anyway...
> feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...