When will all the idiots who think they know how to configure DNS, but obviously don't, learn that they can't get away with having all their nameservers on the same network no matter how well connected that network might appear to be under the best of conditions, or how many different directions the fiber leaves the building/campus? As you can see for MICROSOFT.COM everything's apparently in one place, network geography-wise: Domain servers in listed order: DNS4.CP.MSFT.NET 207.46.138.11 DNS5.CP.MSFT.NET 207.46.138.12 DNS6.CP.MSFT.NET 207.46.138.20 DNS7.CP.MSFT.NET 207.46.138.21 Those addresses might be in a /16 in allocation: Microsoft (NETBLK-MICROSOFT-GLOBAL-NET) MICROSOFT-GLOBAL-NET 207.46.0.0 - 207.46.255.255 and whois.ra.net shows a /18 for their routing: $ whois -h whois.ra.net 207.46.138.11 Route: 207.46.128.0/18 descr: MS-CP origin: AS8070 mnt-by: MICROSOFT-MAINT-CW changed: judithsh@microsoft.com 20001024 source: CW but I'd almost be willing to bet that all those machines are in the same building, and maybe even in the same room (and if not they're probably at least all on the same campus). Even if they have tunnels routing these addresses to machines in diverse physical locales, they don't seem to have managed to eliminate any significant number of the serious failure scenarios. Seems I can at the moment get to *one* of their nameservers: $ host -C microsoft.com microsoft.com NS DNS4.CP.MSFT.NET Nameserver DNS4.CP.MSFT.NET not responding microsoft.com SOA record not found at DNS4.CP.MSFT.NET, try again microsoft.com NS DNS5.CP.MSFT.NET Nameserver DNS5.CP.MSFT.NET not responding microsoft.com SOA record not found at DNS5.CP.MSFT.NET, try again microsoft.com NS DNS7.CP.MSFT.NET dns.cp.msft.net msnhst.microsoft.com (2001012306 900 600 7200000 7200) !!! microsoft.com SOA primary dns.cp.msft.net is not advertised via NS microsoft.com NS DNS6.CP.MSFT.NET Nameserver DNS6.CP.MSFT.NET not responding microsoft.com SOA record not found at DNS6.CP.MSFT.NET, try again but it's not one that's registered for MSNBC.COM.... Domain servers in listed order: DNS4.CP.MSFT.NET 207.46.138.11 DNS5.CP.MSFT.NET 207.46.138.12 $ host -C msnbc.com msnbc.com NS DNS4.CP.MSFT.NET Nameserver DNS4.CP.MSFT.NET not responding msnbc.com SOA record not found at DNS4.CP.MSFT.NET, try again msnbc.com NS DNS5.CP.MSFT.NET Nameserver DNS5.CP.MSFT.NET not responding msnbc.com SOA record not found at DNS5.CP.MSFT.NET, try again I can however eventually (took one retry and quite a few seconds!) get an answer for www.mnbc.com it seems: $ host -a www.msnbc.com www.msnbc.com CNAME msnbc.com msnbc.com NS DNS4.CP.MSFT.NET msnbc.com NS DNS5.CP.MSFT.NET msnbc.com A 207.46.238.109 msnbc.com A 207.46.238.23 msnbc.com A 207.46.238.24 msnbc.com A 207.46.238.26 msnbc.com A 207.46.150.205 msnbc.com A 207.46.150.254 Wow! Would you look at that! They may even have their web servers more diversely placed on the network than they do their nameservers! If only Microsoft were the only ones that made this kind of inevitably fatal (at least from a DNS point of view) mistake..... :-( One would think that a company with the obvious resources and power they have would have registered nameservers on every major backbone on the planet, and then some (right up to the maximum possible!). I don't want my nameservers to disappear from any part of the net at any time, and I'm sure they don't either. I've only got three for my home domain (with really only two separate network paths to them), but I'm not a multi-national corporation either! Oh, and just as I'm about to send this off I see one more server cough up replies (guess that's where I got the msnbc.com A RRs from too): $ host -C msnbc.com msnbc.com NS DNS5.CP.MSFT.NET Nameserver DNS5.CP.MSFT.NET not responding msnbc.com SOA record not found at DNS5.CP.MSFT.NET, try again msnbc.com NS DNS4.CP.MSFT.NET dns.cp.msft.net msnhst.microsoft.com (2001012205 1800 900 7200000 3600) !!! msnbc.com SOA primary dns.cp.msft.net is not advertised via NS $ host -C microsoft.com microsoft.com NS DNS5.CP.MSFT.NET Nameserver DNS5.CP.MSFT.NET not responding microsoft.com SOA record not found at DNS5.CP.MSFT.NET, try again microsoft.com NS DNS7.CP.MSFT.NET Nameserver DNS7.CP.MSFT.NET not responding microsoft.com SOA record not found at DNS7.CP.MSFT.NET, try again microsoft.com NS DNS6.CP.MSFT.NET dns.cp.msft.net msnhst.microsoft.com (2001012306 900 600 7200000 7200) !!! microsoft.com SOA primary dns.cp.msft.net is not advertised via NS microsoft.com NS DNS4.CP.MSFT.NET dns.cp.msft.net msnhst.microsoft.com (2001012306 900 600 7200000 7200) -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>