Thanks for that info Bryan. Thomas, does your fix in 16097 consider other delegations that might include "multi-dotted" names where there could be 2 or more levels that don't exist? I supposed there could there be other RFC's out there for other countries/tld's that delegate this way. Is there a way to handle this generically - or maybe ASSP now does.
On Wed, Apr 6, 2016 at 11:08 AM, bryan bradsby <bryan.a...@tx.net> wrote: > Thomas > > Please see RFC 1480 > > https://www.ietf.org/rfc/rfc1480.txt.pdf > > That will explain the strange nomenclature used in the US locality > domain structure. > > "co.delaware.pa.us" would be the government of Delaware County, > Pennsylvania. > > The issue here is that the TLD ".us" delegates directly to > "co.delaware.pa.us". The intermediate zones do not exist. > > > My organization supports > > State government agencies under "state.tx.us" > County government under "co.NAME.tx.us" > City government under "ci.NAME.tx.us" > > where "NAME" is the name of the City or County. > > > bryan.brad...@capnet.state.tx.us > Department of Information Resources > Communications Technology Services > Network Operations Center - Information Technology > > > On Wed, 2016-04-06 at 07:34 +0200, Thomas Eckardt wrote: > > I think I found the reason. > > > > using 'co.delaware.pa.us' > > > > us - TLD > > pa.us - TLD > > delaware.pa.us - invalid !!! > > co.delaware.pa.us - valid > > > > pa.us is a TLD - but there are also sub domains registered as TLD > > like > > cc.pa.us or lib.pa.us (and others) - BUT not delaware.pa.us > > The really strange thing is, that 'delaware.pa.us' it self is > > invalid, but > > subdomains like 'co.delaware.pa.us' are valid. > > > > To be not too strict, assp has tested the domain (delaware.pa.us) of > > the > > host (co.delaware.pa.us) > > the logic of assp: > > Because (pa.us) is a TLD and (delaware.pa.us) is not a TLD , ( > > delaware.pa.us) must be a registered user domain and > > (co.delaware.pa.us) > > must be a host. > > > > I'll try to workaround this. But first I'll ask IANA and will force > > them > > to close the .us TLD but at least the pa.us domain :):) > > > > Thomas > > > > > > > > > > Von: K Post <nntp.p...@gmail.com> > > An: ASSP development mailing list < > > assp-test@lists.sourceforge.net> > > Datum: 06.04.2016 06:01 > > Betreff: Re: [Assp-test] can't find a name server registration > > > > > > > > I hear yah loud and clear on the nxdomain for the stupid Navy > > subdomains. > > I'm sure it's a valid subdomain internally and they just aren't > > thinking > > when emailing out.... Forget about that one, it's clearly a > > misconfiguration on their end. > > > > But the multiple co.county.status.us domain problem is baffling. > > We've > > got > > 3 dns servers here, none seem to have any problem resolving anything > > - > > I've > > never seen one of these county long domain (multi part) timeout > > during > > manual tests. Just weird that these are the only ones that cause a > > warning > > besides legit nxdomains. Looking at the log, it appears that just 1 > > second > > passes between the connection to ASSP and the warning message > > Warning: > > can't find a name server registration for the sender domain... > > > > Is there a way to enable DNS debugging only for these types of > > domains or > > do I need to turn on DebugSPF (from memory, I feel like that is the > > magic > > debug all DNS switch)? > > > > I'm wondering if there's some kind of perfect storm, there's too many > > dots > > in that domain name where the Net-DNS module or something fails. I > > don't > > see other domain names that we get mail from. What's odder is that I > > don't > > always get this warning with the domain names (which I agree makes it > > sound > > like a problem with our DNS servers, but I can't imagine what - > > there's no > > forwarders, there's 3 of them, they're all responsive and I never > > seem to > > be able to cause a failure) > > > > It's just a warning, but I'd hate do see something and not say > > something - > > or not say something only to discover that we've got something > > failing on > > our end that I didn't know about. > > > > If you're certain that it must be my DNS servers, say so one more > > time and > > I'll drop the discussion here. > > > > As always ,thanks. > > > > On Tue, Apr 5, 2016 at 12:58 PM, Thomas Eckardt > > <thomas.ecka...@thockar.com> > > wrote: > > > > > ASSP does nothing else than ask YOUR DNS-server for 'ANY' DNS > > > -entry. If > > > the DNS-server answers with 'NXDOMAIN' , there is no doubt for > > > assp, > > that > > > this domain/host does'nt exist. This is NOT allowed in SMTP > > > > > > > I know that submail.navy.mil isn't valid > > > > > > So - using 'submail.navy.mil' in SMTP IS A FAULT. There is nothing > > > to > > > 'don't know' 'think about','can','should' ......... > > > And because the host name is not valid, what else 'should' assp do, > > > than > > > to skip all the following DNS queries for this host name > > > (SPF,DKIM,A,MX,....) - there is not 'ANY' DNS-entry? > > > > > > Again: > > > The 'DoRFC822' check hits ONLY, if any of the following is the case > > > > > > - the 'MAIL FROM' address has an invalid format > > > - the TLD (here mil) is not registered to IANA > > > - the answer of an 'ANY' query for the host name is 'NXDOMAIN' - > > > (any > > > other error is ignored by assp) > > > > > > If the answer for 'co.county.state.us' is 'NXDOMAIN', you should > > > check > > > your name server. It should never answer with 'NXDOMAIN' in case of > > > a > > > timeout! > > > > > > Thomas > > > > > > > > > > > > Von: K Post <nntp.p...@gmail.com> > > > An: ASSP development mailing list < > > > assp-test@lists.sourceforge.net> > > > Datum: 05.04.2016 18:19 > > > Betreff: Re: [Assp-test] can't find a name server > > > registration > > > > > > > > > > > > Terminology mixed me up I guess. Was thinking as the "domain name" > > > as > > > what's registered with the registrar. What's being checked, I'd > > > call > > the > > > "hostname" <-- but I'm wrong according to the RFC. Sorry for that. > > > > > > I know that submail.navy.mil isn't valid, but navy.mil certainly > > > is. > > > Shouldn't ASSP find that though and not complain stating that no > > > more > > DNS > > > checking will be done? > > > > > > And I don't understand what the problem is with co.delaware.pa.us > > > and > > the > > > other co.county.state.us domains. They're valid domain/host names > > > with > > mx > > > records. And it's only multiple part hostnames that show up as > > > warnings > > > in > > > the logs as far as I can tell. > > > > > > Not really worried, just thought I'd bring it up to insure > > > something > > wonky > > > isn't going on. > > > > > > Thanks > > > > > > > > > On Tue, Apr 5, 2016 at 12:08 PM, Thomas Eckardt > > > <thomas.ecka...@thockar.com> > > > wrote: > > > > > > > RFC5321 section 2.3.5. Domain Names > > > > > > > > ASSP is smart and ask for 'ANY' DNS registration for the > > > > domainpart of > > > the > > > > sender address - no entry -> no luck! > > > > > > > > disable 'DoRFC822' if this is not working for you > > > > > > > > Thomas > > > > > > > > > > > > > > > > > > > > > > > > Von: K Post <nntp.p...@gmail.com> > > > > An: ASSP development mailing list > > <assp-test@lists.sourceforge.net> > > > > Datum: 05.04.2016 17:01 > > > > Betreff: Re: [Assp-test] can't find a name server > > > > registration > > > > > > > > > > > > > > > > This problem hasn't gone away and it only seems to be with > > > > hostnames > > > that > > > > have more than 2 parts - > > > > > > > > For example: > > > > co.delaware.pa.us > > > > resolves just fine on the dns servers > > > > co.delaware.pa.us MX preference = 10, mail exchanger = > > > > co-delaware-pa-us.mail.protection.outlook.com > > > > > > > > co-delaware-pa-us.mail.protection.outlook.com internet address > > > > = > > > > 207.46.163.247 > > > > co-delaware-pa-us.mail.protection.outlook.com internet address > > > > = > > > > 207.46.163.215 > > > > co-delaware-pa-us.mail.protection.outlook.com internet address > > > > = > > > > 207.46.163.138 > > > > > > > > And > > > > submail.navy.mil > > > > *which doesn't seem to be a valid hostname, but shouldn't ASSP be > > > looking > > > > for a name server registration for navy.mil <http://navy.mil> and > > > > not > > > the > > > > full hostname? *I don't know, I'm asking. Just seems odd that > > > > the > > only > > > > time I get these warnings are for hostnames with more than just 2 > > parts. > > > > > > > > Thanks > > > > > > > > On Tue, Feb 23, 2016 at 12:44 PM, K Post <nntp.p...@gmail.com> > > > > wrote: > > > > > > > > > Seeing this again. This time: > > > > > Warning: can't find a name server registration for the sender > > > > > domain > > ' > > > > > co.dodge.wi.us' - all DNS queries will be skipped! > > > > > > > > > > It seems that 99% of the time it's a long city / county domain > > > > > name > > > like > > > > > co.dodge.wi.us ci.wilsonville.or.us co.geauga.oh.us and > > > > co.delaware.pa.us > > > > > > > > > > Thomas, any ideas? > > > > > > > > > > > > > > > On Mon, Feb 1, 2016 at 3:47 PM, K Post <nntp.p...@gmail.com> > > > > > wrote: > > > > > > > > > > > At least it's not just me. > > > > > > > > > > > > James - FYI, you definitely don't want to use public DNS > > > > > > servers > > for > > > > ASSP > > > > > > - too slow and more importantly you could have trouble with > > > > > > things > > > like > > > > > > DNSBL, senderbase, etc where it's limited to a certain number > > > > > > of > > > > queries > > > > > > per IP. > > > > > > > > > > > > On Mon, Feb 1, 2016 at 2:36 PM, James Moe < > > > > > > ji...@sohnen-moe.com> > > > wrote: > > > > > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > > Hash: SHA1 > > > > > > > > > > > > > > On 01/29/2016 11:10 AM, K Post wrote: > > > > > > > > I see this on occasion: > > > > > > > > > > > > > > > ASSP version 2.4.5(15334) > > > > > > > I have the same problem. > > > > > > > > > > > > > > > > > > > > > 2016-02-01 08:32:24 Warning: Name Server 205.171.3.65: does > > > > > > > not > > > > > > > respond or timed out > > > > > > > 2016-02-01 08:32:24 Warning: Name Server 8.8.8.8: does not > > > > > > > respond > > > or > > > > > > > timed out > > > > > > > 2016-02-01 08:33:24 Warning: Name Server 127.0.0.1: does > > > > > > > not > > respond > > > > > > > or timed out > > > > > > > 2016-02-01 08:33:24 Warning: Name Server 205.171.3.65: does > > > > > > > not > > > > > > > respond or timed out > > > > > > > 2016-02-01 08:33:24 Warning: Name Server 8.8.8.8: does not > > > > > > > respond > > > or > > > > > > > timed out > > > > > > > 2016-02-01 09:32:49 Warning: Name Server 205.171.3.65: does > > > > > > > not > > > > > > > respond or timed out > > > > > > > 2016-02-01 11:15:27 Warning: can't find a name server > > > > > > > registration > > > for > > > > > > > the sender domain 'mktg.actonsoftware.com' - all DNS > > > > > > > queries will > > be > > > > > > > skipped! > > > > > > > > > > > > > > > > > > > > > - -- > > > > > > > James Moe > > > > > > > moe dot james at sohnen-moe dot com > > > > > > > 520.743.3936 > > > > > > > -----BEGIN PGP SIGNATURE----- > > > > > > > Version: GnuPG v2 > > > > > > > > > > > > > > iEYEARECAAYFAlavs8cACgkQzTcr8Prq0ZMSPwCffuGpMYSd1e7/mqCD6Ai > > > > > > > tMYbu > > > > > > > Jm8AnRxQrpenZVUHTwunXFg0E8HvMWYx > > > > > > > =e+8I > > > > > > > -----END PGP SIGNATURE----- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > --------- > > > > > > > Site24x7 APM Insight: Get Deep Visibility into Application > > > Performance > > > > > > > APM + Mobile APM + RUM: Monitor 3 App instances at just > > > > > > > $35/Month > > > > > > > Monitor end-to-end web transactions and take corrective > > > > > > > actions > > now > > > > > > > Troubleshoot faster and improve end-user experience. Signup > > > > > > > Now! > > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu= > > > > > > > /4140 > > > > > > > _______________________________________________ > > > > > > > Assp-test mailing list > > > > > > > Assp-test@lists.sourceforge.net > > > > > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > --------- > > > > _______________________________________________ > > > > Assp-test mailing list > > > > Assp-test@lists.sourceforge.net > > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > > > > > > > > > > DISCLAIMER: > > > > ******************************************************* > > > > This email and any files transmitted with it may be confidential, > > > legally > > > > privileged and protected in law and are intended solely for the > > > > use of > > > the > > > > > > > > individual to whom it is addressed. > > > > This email was multiple times scanned for viruses. There should > > > > be no > > > > known virus in this email! > > > > ******************************************************* > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > --------- > > > > > > > > _______________________________________________ > > > > Assp-test mailing list > > > > Assp-test@lists.sourceforge.net > > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > --------- > > > _______________________________________________ > > > Assp-test mailing list > > > Assp-test@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > > > > > DISCLAIMER: > > > ******************************************************* > > > This email and any files transmitted with it may be confidential, > > legally > > > privileged and protected in law and are intended solely for the use > > > of > > the > > > > > > individual to whom it is addressed. > > > This email was multiple times scanned for viruses. There should be > > > no > > > known virus in this email! > > > ******************************************************* > > > > > > > > > > > > > > --------------------------------------------------------------------- > > --------- > > > > > > _______________________________________________ > > > Assp-test mailing list > > > Assp-test@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > --------------------------------------------------------------------- > > --------- > > _______________________________________________ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > DISCLAIMER: > > ******************************************************* > > This email and any files transmitted with it may be confidential, > > legally > > privileged and protected in law and are intended solely for the use > > of the > > > > individual to whom it is addressed. > > This email was multiple times scanned for viruses. There should be no > > known virus in this email! > > ******************************************************* > > > > --------------------------------------------------------------------- > > --------- > > _______________________________________________ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > ------------------------------------------------------------------------------ > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test >
------------------------------------------------------------------------------
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
