<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:black">There’s nothing particularly unusual about the “retrying in TCP mode” message – as Mark explained, that happens whenever the packet size is big and EDNS0 is not being used.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">I looked up this name from an internal Windows 7 box through a BIND-based forwarder (in North America), and it resolves fine:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">Non-authoritative answer:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Name: live-namnorth.office365.com<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Addresses: 40.97.169.162<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> 132.245.46.34<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> 132.245.22.146<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> 132.245.37.130<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> 40.96.7.114<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> 132.245.250.130<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> 132.245.71.178<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> 132.245.75.18<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> 132.245.59.114<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> 40.97.144.50<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Aliases: outlook.live.com<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> edge-live.outlook.office.com<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> outlook-live-com.a-0010.a-msedge.net<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> ipv4.outlook.com<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> outlook.live.com.glbdns2.microsoft.com<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">C:\Windows\System32><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">Like your response, there are 5 CNAMEs and 10 A records.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">So, I would say either something is wrong with your client build, or there’s a middlebox somewhere that’s messing with the packets, possibly because it doesn’t how the TCP flavor of DNS works. Time to take a packet
capture and see what’s really going on.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">
- Kevin<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> bind-users [mailto:bind-users-bounces@lists.isc.org]
<b>On Behalf Of </b>Daniel Dawalibi<br>
<b>Sent:</b> Friday, October 07, 2016 8:01 AM<br>
<b>To:</b> bind-users@lists.isc.org<br>
<b>Subject:</b> Unspecified error DNS query<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hello<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We are getting “Unspecified error” when querying our DNS server (Query: outlook.live.com) from a PC communication with our DNS<o:p></o:p></p>
<p class="MsoNormal">We tried to perform the same query from the DNS itself (local host) and we found that the Dig output is showing with the following message “Truncated, retrying in TCP mode”.
<o:p></o:p></p>
<p class="MsoNormal">We also observed that the message size of the requested query “outlook.live.com” increased recently from MSG SIZE 221 to 770
<o:p></o:p></p>
<p class="MsoNormal">Can you please help why we are getting this error (client side) and why the TCP mode is shown in the dig output since other queries do not show TCP mode in their output?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">[root@DNS1 dan]# dig outlook.live.com<o:p></o:p></p>
<p class="MsoNormal"><b>;; Truncated, retrying in TCP mode.<o:p></o:p></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> outlook.live.com<o:p></o:p></p>
<p class="MsoNormal">;; global options: +cmd<o:p></o:p></p>
<p class="MsoNormal">;; Got answer:<o:p></o:p></p>
<p class="MsoNormal">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45725<o:p></o:p></p>
<p class="MsoNormal">;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 7, ADDITIONAL: 11<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">;; QUESTION SECTION:<o:p></o:p></p>
<p class="MsoNormal">;outlook.live.com. IN A<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">;; ANSWER SECTION:<o:p></o:p></p>
<p class="MsoNormal">outlook.live.com. 881 IN CNAME edge-live.outlook.office.com.<o:p></o:p></p>
<p class="MsoNormal">edge-live.outlook.office.com. 280 IN CNAME outlook-live-com.a-0010.a-msedge.net.<o:p></o:p></p>
<p class="MsoNormal">outlook-live-com.a-0010.a-msedge.net. 160 IN CNAME ipv4.outlook.com.<o:p></o:p></p>
<p class="MsoNormal">ipv4.outlook.com. 126 IN CNAME outlook.live.com.glbdns2.microsoft.com.<o:p></o:p></p>
<p class="MsoNormal">outlook.live.com.glbdns2.microsoft.com. 280 IN CNAME live-emeaeast3.office365.com.<o:p></o:p></p>
<p class="MsoNormal">live-emeaeast3.office365.com. 294 IN A 40.101.44.178<o:p></o:p></p>
<p class="MsoNormal">live-emeaeast3.office365.com. 294 IN A 134.170.68.82<o:p></o:p></p>
<p class="MsoNormal">live-emeaeast3.office365.com. 294 IN A 40.101.28.178<o:p></o:p></p>
<p class="MsoNormal">live-emeaeast3.office365.com. 294 IN A 40.101.1.82<o:p></o:p></p>
<p class="MsoNormal">live-emeaeast3.office365.com. 294 IN A 132.245.79.242<o:p></o:p></p>
<p class="MsoNormal">live-emeaeast3.office365.com. 294 IN A 40.96.21.34<o:p></o:p></p>
<p class="MsoNormal">live-emeaeast3.office365.com. 294 IN A 40.101.9.2<o:p></o:p></p>
<p class="MsoNormal">live-emeaeast3.office365.com. 294 IN A 40.101.60.2<o:p></o:p></p>
<p class="MsoNormal">live-emeaeast3.office365.com. 294 IN A 40.96.21.50<o:p></o:p></p>
<p class="MsoNormal">live-emeaeast3.office365.com. 294 IN A 132.245.194.242<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">;; AUTHORITY SECTION:<o:p></o:p></p>
<p class="MsoNormal">office365.com. 170080 IN NS ns2.msft.net.<o:p></o:p></p>
<p class="MsoNormal">office365.com. 170080 IN NS ns1a.o365filtering.com.<o:p></o:p></p>
<p class="MsoNormal">office365.com. 170080 IN NS ns3.msft.net.<o:p></o:p></p>
<p class="MsoNormal">office365.com. 170080 IN NS ns1.msft.net.<o:p></o:p></p>
<p class="MsoNormal">office365.com. 170080 IN NS ns4a.o365filtering.com.<o:p></o:p></p>
<p class="MsoNormal">office365.com. 170080 IN NS ns4.msft.net.<o:p></o:p></p>
<p class="MsoNormal">office365.com. 170080 IN NS ns2a.o365filtering.com.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">;; ADDITIONAL SECTION:<o:p></o:p></p>
<p class="MsoNormal">ns1.msft.net. 289 IN A 208.84.0.53<o:p></o:p></p>
<p class="MsoNormal">ns2.msft.net. 170080 IN A 208.84.2.53<o:p></o:p></p>
<p class="MsoNormal">ns3.msft.net. 289 IN A 193.221.113.53<o:p></o:p></p>
<p class="MsoNormal">ns4.msft.net. 170080 IN A 208.76.45.53<o:p></o:p></p>
<p class="MsoNormal">ns1a.o365filtering.com. 311 IN A 157.56.110.11<o:p></o:p></p>
<p class="MsoNormal">ns2a.o365filtering.com. 311 IN A 157.56.116.52<o:p></o:p></p>
<p class="MsoNormal">ns4a.o365filtering.com. 311 IN A 157.55.133.11<o:p></o:p></p>
<p class="MsoNormal">ns1.msft.net. 289 IN AAAA 2620:0:30::53<o:p></o:p></p>
<p class="MsoNormal">ns2.msft.net. 170080 IN AAAA 2620:0:32::53<o:p></o:p></p>
<p class="MsoNormal">ns3.msft.net. 289 IN AAAA 2620:0:34::53<o:p></o:p></p>
<p class="MsoNormal">ns4.msft.net. 170080 IN AAAA 2620:0:37::53<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">;; Query time: 0 msec<o:p></o:p></p>
<p class="MsoNormal">;; SERVER: 127.0.0.1#53(127.0.0.1)<o:p></o:p></p>
<p class="MsoNormal">;; WHEN: Fri Oct 7 07:57:41 2016<o:p></o:p></p>
<p class="MsoNormal"><b>;; MSG SIZE rcvd: 770<o:p></o:p></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regards<o:p></o:p></p>
<p class="MsoNormal">Daniel<o:p></o:p></p>
</div>
</body>
</html>