Having seen this behavior before from overzealous network admins, especially given the fact that freenet owns their netblock and their NS are self-hosted on said netblock rather than cloud DNS SaaS, it's very likely a firewall rule.
I wouldn't be surprised if it was the case, OVH isn't exactly known for reputable traffic. - Mark Alley On Fri, Mar 8, 2024, 6:48 AM Stefano Bagnara <mai...@bago.org> wrote: > On Fri, 8 Mar 2024 at 13:04, Mark Alley <mark.al...@tekmarc.com> wrote: > > Have you considered they may be blocking OVH ASNs on their firewall? > > Well, blocking the whole ASNs even to their NS sounds something very > unexpected. This mean any service (not only email) that is hosted in > OVH (in europe is the biggest provider) thinks their domains don't > even exists. > Also, freenet.de users are not able to write emails to anyone having > the DNS hosted at OVH (millions of domains): sounds like burning your > house to protect it from thieves :-D > > Seems like AS5430 and AS16276 are not talking at all, but I don't know > how confirm it and how to check where is the issue in more detail. > > > Their NS and zone seems resolvable and reachable from pretty much > everything else on the internet according to DNSchecker.org. > > Here you can see their NS IP is not reachable from 7 on 30 location > being tested from western europe: > https://www.host-tracker.com/en/ic/3/189c2804-114d-4be7-94e5-716f131bc458 > > So, I think the issue is more on freenet side than OVH side, but I'd > need someone who knows or have powers to check. > > Now I also wrote an email to the noc/peer emails for both ASN. > Stefano > > > On Fri, Mar 8, 2024, 5:54 AM Stefano Bagnara via mailop < > mailop@mailop.org> wrote: > >> > >> Hi, > >> > >> I'm experiencing routing issues to freenet.de MX since almost 3 days. > >> > >> I can't even lookup the domain as I cannot reach their NS, but the > >> same happens even if I try to ping their email server IP address: > >> > >> 194.97.8.138 > >> 195.4.92.217 > >> > >> From my servers @OVH they are not reachable at all. > >> > >> I checked the IPs at https://check-host.net/check-ping and I see both > >> IP pings from most places but a netherland one, hong kong and 4 > >> russians sources (by comparison my own IPs are reachable from all of > >> those sources). > >> > >> Failing traceroutes from check-host.net and from my IPs stuck at a > >> Cloudflare IP: > >> > >> # traceroute 194.97.8.138 > >> traceroute to 194.97.8.138 (194.97.8.138), 30 hops max, 60 byte packets > >> 1 MYIP 0.373 ms 0.484 ms 0.590 ms > >> 2 10.17.50.74 (10.17.50.74) 0.356 ms 10.17.50.72 (10.17.50.72) > >> 0.396 ms 0.458 ms > >> 3 10.73.17.68 (10.73.17.68) 0.101 ms 10.73.16.116 (10.73.16.116) > >> 0.107 ms 10.73.17.70 (10.73.17.70) 0.134 ms > >> 4 10.95.64.142 (10.95.64.142) 1.027 ms 10.95.64.156 (10.95.64.156) > >> 0.424 ms 10.95.64.136 (10.95.64.136) 0.421 ms > >> 5 par-gsw-sbb1-nc5.fr.eu (54.36.50.228) 3.949 ms 3.825 ms 3.821 ms > >> 6 10.200.2.85 (10.200.2.85) 4.079 ms 10.200.2.77 (10.200.2.77) > >> 71.136 ms 71.123 ms > >> 7 * * * > >> 8 172.71.120.4 (172.71.120.4) 4.689 ms 141.101.67.52 > >> (141.101.67.52) 4.538 ms 4.578 ms > >> 9 172.71.133.105 (172.71.133.105) 3.842 ms 172.71.129.237 > >> (172.71.129.237) 4.226 ms 172.69.187.98 (172.69.187.98) 4.214 ms > >> 10 172.71.133.23 (172.71.133.23) 5.352 ms 172.71.117.70 > >> (172.71.117.70) 4.631 ms 172.71.121.67 (172.71.121.67) 4.512 ms > >> 11 * * * > >> 12 * * * > >> 13 * * * > >> > >> I thought it was a peering issue, but 3 days should be enough for > >> someone to detect and fix it. > >> > >> It doesn't look like a blacklisting issue as I cannot even query their > >> authoritative NS and I can't do that even from IPs that never sent > >> emails. > >> > >> I also checked OVH looking glass and they fail routing to freenet from > >> all of their DCs: > >> > https://lg.ovh.net/traceroute/sgp+vin+sbg+bhs+hil+rbx+lim+bom+gra+waw+syd1+eri/ipv4?q=194.97.8.138 > >> > >> I also tried using OVH hosted email to write an email to a freenet.de > >> domain and it resulted in a "Domain not found" error, so to confirm > >> the whole OVH network can't reach the freenet.de NS. > >> > >> I opened a ticket to OVH but they closed it telling me the traceroute > >> show the problem in outside their network (last working hop is a > >> cloudflare IP). > >> > >> Peering/routing is not my field, so I'm looking for other people with > >> problems sending emails to freenet.de and for suggestions on how/who > >> to contact to fix the issue (maybe I should look for an NOC-op mailing > >> list?) . > >> > >> Stefano > >> > >> -- > >> Stefano Bagnara > >> Apache James/jDKIM/jSPF > >> VOXmail/Mosaico.io/VoidLabs > >> _______________________________________________ > >> mailop mailing list > >> mailop@mailop.org > >> https://list.mailop.org/listinfo/mailop > > > > -- > Stefano Bagnara > Apache James/jDKIM/jSPF > VOXmail/Mosaico.io/VoidLabs >
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
