A few additional MS update domains that could be cached without issue

[billthecatt]

I'm using wsusoffline to populate the cache w/ windows update content so that the cache doesn't get hammered the first time someone with an OS I don't normally use shows up at a lan. see http://download.wsusoffline.net/ for more details

As a result, I've added the following domains to the MS cache section of my unbound.conf:

    local-zone: "go.microsoft.com." redirect
    local-data: "go.microsoft.com. 600 IN A x.x.x.x"
    local-zone: "download.sysinternals.com." redirect
    local-data: "download.sysinternals.com. 600 IN A x.x.x.x"
    local-zone: "download.visualstudio.microsoft.com." redirect
    local-data: "download.visualstudio.microsoft.com. 600 IN A x.x.x.x"
    local-zone: "definitionupdates.microsoft.com." redirect
    local-data: "definitionupdates.microsoft.com. 600 IN A 10.1.1.17"

I'm updating the cache before every lan using their linux command line tools and this short bash script:
#update windows updates files
echo "Starting wsusoffline get-all-updates.bash to grow windows updates cache.."
rm /mnt/wsusoffline/timestamps/. -r
rm /mnt/wsusoffline/client/* -r
rm /mnt/wsusoffline/log/download.log
/mnt/wsusoffline/sh/get-all-updates.bash

get-all-updates.bash contains this line:
./download-updates.bash w60,w60-x64,w61,w61-x64,w62-x64,w100,w100-x64,o2k10-x64,o2k13-x64,o2k16-x64 enu -includesp -includecpp -includedotnet -includewddefs -includemsse

Once you have downloaded all the content, you could copy it onto a samba share and then streamline patching your windows clients after you re-image them. Or, just enjoy the fact that your cache has all(almost) the content windows update could ever ask for.

wsusoffline is pretty sweet, Hope this helps someone else get their cache populated w/ MS content.