Re: [dns-operations] dnsviz.net complaining "UDP_-_NOEDNS_" for gtld-servers.net
On Fri, Jun 05, 2020 at 11:26:55AM +0200, Thomas Mieslinger wrote: > I have a customer complaining being unable to send/receive email. > > https://dnsviz.net/d/sportsproducts.net/dnssec/ The report as stated does not contain sufficient detail. What does "unable" mean, especially in the context of a bidirectional issue. No inbound email from particular senders? From all senders? What do the senders see as the apparent problem? No outbound email to particular receivers? To all receivers? What do the MTA logs report as the apparent failure mode? The domain looks fine for inbound mail. DNS is OK: sportsproducts.net. IN DS ? ; NODATA AD=0 sportsproducts.net. IN MX 10 mx00.1and1.com. ; NoError AD=0 sportsproducts.net. IN MX 11 mx01.1and1.com. ; NoError AD=0 Opportunistic TLS is also OK: $ posttls-finger -l may -L summary -c sportsproducts.net posttls-finger: Untrusted TLS connection established to mx00.1and1.com[74.208.5.3]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) -- Viktor. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Re: [dns-operations] dnsviz.net complaining "UDP_-_NOEDNS_" for gtld-servers.net
On Fri, Jun 05, 2020 at 11:26:55AM +0200, Thomas Mieslinger wrote a message of 29 lines which said: > I have a customer complaining being unable to send/receive email. sportsproducts.net appear to DNS-work fine, so the problem is probably elsewhere. > https://dnsviz.net/d/sportsproducts.net/dnssec/ > > shows errors: > sportsproducts.net/DS: No response was received from the server > over UDP (tried 12 times). (2001:502:1ca1::30, 2001:503:d414::30, > 2001:503:eea3::30, UDP_-_NOEDNS_) Timeout with Verisign name servers. Unfortunately, it is too common with the IPv6 Internet. But, unless the resolver is v6-only, it does not prevent DNS resolution (otherwise, no .net name would work). So, it is probably not the reason why your customer has problems. A test with the RIPE Atlas probes, to show that a few of them have the problem: % blaeu-resolve --nameserver 2001:502:1ca1::30 -r 100 --dnssec -q DS sportsproducts.net Nameserver 2001:502:1ca1::30 [] : 96 occurrences [TIMEOUT] : 3 occurrences Test #25636763 done at 2020-06-05T11:20:54Z ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
[dns-operations] dnsviz.net complaining "UDP_-_NOEDNS_" for gtld-servers.net
I have a customer complaining being unable to send/receive email. https://dnsviz.net/d/sportsproducts.net/dnssec/ shows errors: sportsproducts.net/DS: No response was received from the server over UDP (tried 12 times). (2001:502:1ca1::30, 2001:503:d414::30, 2001:503:eea3::30, UDP_-_NOEDNS_) sportsproducts.net/NS: No response was received from the server over UDP (tried 12 times). (2001:502:1ca1::30, 2001:503:d414::30, 2001:503:eea3::30, UDP_-_NOEDNS_) From Germany (more specific HE-FRA) I can not reproduce this error. From us-mkc (as8560): no problem. Answer size reported by dig: 864 (ds)/ 643 (ns) Anyone an idea what is wrong? Cheers Thomas ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations