IPs Owned by Microsoft?

Speak after me: PROXY FIREWALL

infrastructure automatically We have 20+ network segments and three levels of firewalls. Probably I don't need that advice. :)
I still have the question I originally asked.

*cough* You need a proxy firewall to do that in a reliable way.
I've never seen any firewall implementation that resolves DNS hostnames at runtime and registers for receiving DNS updates or reissues requests after TTL timeout.
And even if you had such an implementation, Microsoft does DNS round-robin and various other kinds of load-balancing so your apporach would be pretty fruitless.
(And you need to fix your quoting. Probably it might be better to not abuse OE as a newsreader.)

I don't have any requirement to resolve DNS. Maybe you read something additional into my original question that I didn't intend to be there.
I am asking what block of IP addresses in the 64.4.0.0 Class C does Microsoft use for Windows update. I'm doing this so that the firewall rule will allow access to a certain class of machines on any of those IPs. On machines that live on one of our DMZs, no outbound IP is allowed by default, on any port. For Windows Update, we want to authorize outbound http/https to a limited number of IPs, and I'm just trying to identify the IPs in this range, whose reverse DNS don't appear to all point to Microsoft.
It doesn't matter that Microsoft round robins to different IPs in this block. I just want to know what the block is.
Unfortunately, too many posts up already, archived in the evil Microsoft newsreader, so I'm anchored to it, reluctantly.

Sorry, I implied that you had at least understand that the set of IPs on the load-balancer is shared with other services, not just Windows Update.
As if no real newsreader could import the OE garbage files...