How not to set up your DNS (part 8)
This is one of those amusingly creative mistakes to see in action:
- microsoftglobal.com lists as nameservers ns1.one-dom4.com and ns2.one-dom4.com.
- both respond with errors if they are sent queries that allow recursion.
- sent queries marked non-recursive, both answer all DNS queries for the domain with no actual data, but with an 'additional authority' section that says they're the nameservers for the domain.
Nameservers normally answer a query for a domain they don't serve with a referral to a higher zone, such 'com.' or '.', the root zone. That the one-dom4.com nameservers are answering queries with referrals to themselves means that in some sense they believe they handle the domain; it's just that they don't actually have any data for it.
Returning explicit errors for recursive queries is also unusual nameserver behavior; normally, a nameserver that disallows recursion on queries effectively strips the 'recursion allowed' bit off before it processes things, so you get referrals to higher level zones.
(Mind you, judging from their WHOIS information we may not be missing much by not being able to accept email from 'firstname.lastname@example.org'.)