Re: [mailop] [E] Re: PSL: SOA record per subdomain required?!

2023-05-10 Thread Ken Peng via mailop
Hello

I almost forgot that here a local ISP (and the biggest), Hinet, primarily uses
subdomains as the mail addresses for its users.

For example,

$ for i in `seq 11 19`;do dig ms$i.hinet.net mx +nocmd +noall +answer;echo;done
ms11.hinet.net. 86263   IN  MX  0 msx-smtp-mx1.hinet.net.
ms11.hinet.net. 86263   IN  MX  0 msx-smtp-mx2.hinet.net.

ms12.hinet.net. 86336   IN  MX  0 msx-smtp-mx1.hinet.net.
ms12.hinet.net. 86336   IN  MX  0 msx-smtp-mx2.hinet.net.

ms13.hinet.net. 86337   IN  MX  0 msx-smtp-mx1.hinet.net.
ms13.hinet.net. 86337   IN  MX  0 msx-smtp-mx2.hinet.net.

ms14.hinet.net. 86337   IN  MX  0 msx-smtp-mx1.hinet.net.
ms14.hinet.net. 86337   IN  MX  0 msx-smtp-mx2.hinet.net.

ms15.hinet.net. 86269   IN  MX  0 msx-smtp-mx1.hinet.net.
ms15.hinet.net. 86269   IN  MX  0 msx-smtp-mx2.hinet.net.

ms16.hinet.net. 86338   IN  MX  0 msx-smtp-mx2.hinet.net.
ms16.hinet.net. 86338   IN  MX  0 msx-smtp-mx1.hinet.net.

ms17.hinet.net. 86337   IN  MX  0 msx-smtp-mx1.hinet.net.
ms17.hinet.net. 86337   IN  MX  0 msx-smtp-mx2.hinet.net.

ms18.hinet.net. 86337   IN  MX  0 msx-smtp-mx2.hinet.net.
ms18.hinet.net. 86337   IN  MX  0 msx-smtp-mx1.hinet.net.

ms19.hinet.net. 86296   IN  MX  0 msx-smtp-mx2.hinet.net.
ms19.hinet.net. 86296   IN  MX  0 msx-smtp-mx1.hinet.net.

They have dozens of domains of this kind.

But, all those subdomains have no zone defined.
And hinet.net is not listed in the PSL, from the query here:
https://publicsuffix.org/list/public_suffix_list.dat

I don't think those addresses can't send messages to Yahoo/Kimo mailboxes.

regards,
Ken Peng
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


2023-05-09 Thread Tobias Fiebig via mailop
Heho,
On Tue, 2023-05-09 at 20:20 -0400, John Levine wrote:
> ...
> There are millions of domains on the Internet and only a few thousand
> in the PSL, so this is not a problem that most people need to worry
> about.

I am actually rather certain that 'not most people' approximately
evaluates to two, with both of them being on this mailing list. ;-)

That being said; Of course, just doing things correctly is (obviously)
the right solution; The 'solution' I outlined is for the specific
context of 'legacy system in place that does not do zone-breaks, how do
we get this fixed while we figure out how to properly fix our tree
because whatever set of scripts currently manages our zone(s) grew
sentient roughly two decades before ChatGPT and is really skeptical of
change'. ;-)

With best regards,
Tobias

2023-05-09 Thread John Levine via mailop
It appears that Tobias Fiebig via mailop said:
>Talking to a colleague about this; What you could do is move your
>current DNS setup behind powerdns frontends with a remote backend:
>
>https://doc.powerdns.com/authoritative/backends/remote.html
>https://github.com/PowerDNS/pdns/blob/master/modules/remotebackend/example.rb
>
>You could use that with a script to programmatically inject SOA/NS/DS
>for names matching a specific pattern; At the same time, you could also
>use that to roll out DNSSEC. ;-)

That would work, but if you put your domain in the PSL, normally you
put subdomains in separate zones to make it easier to manage them
separately.

There are millions of domains on the Internet and only a few thousand in the
PSL, so this is not a problem that most people need to worry about.


2023-05-09 Thread Tobias Fiebig via mailop
On Tue, 2023-05-09 at 10:19 +0200, Stefano Bagnara via mailop wrote:
> ...
> 
> #1 host -t soa e.comune.bardolino.vr.it
> e.comune.bardolino.vr.it is an alias for app.mailvox.it.
> ...
> 
> I guess it is not the missing SOA at #2 because all of our senders
> share that step and most of them show no issues.
> So maybe the issue is the missing SOA at #4/#5, but this would be
> out of control by me or my customer (the municipality of Bardolino).
It is actually the one at #1; or rather, at bardolino.vr.it, even
though adding it at e.comune.bardolino.vr.it or comune.bardolino.vr.it
should also help.

Talking to a colleague about this; What you could do is move your
current DNS setup behind powerdns frontends with a remote backend:

https://doc.powerdns.com/authoritative/backends/remote.html
https://github.com/PowerDNS/pdns/blob/master/modules/remotebackend/example.rb

You could use that with a script to programmatically inject SOA/NS/DS
for names matching a specific pattern; At the same time, you could also
use that to roll out DNSSEC. ;-)

With best regards,
Tobias
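
The organizational-domain lookup behind the reply above, as an added example that is not part of the original post: it applies the Public Suffix List matching rules to a constructed three-entry subset and to the SOA answers from the quoted `host` output. The function names, the subset, and the assumption that the receiver looks for the SOA at the registrable domain (as the reply states) belong to this example only.

```python
# Constructed subset of the Public Suffix List; the full list is at
# https://publicsuffix.org/list/public_suffix_list.dat
PSL_SUBSET = """
// constructed subset for this example
it
vr.it
net
"""

# SOA answers copied from the `host -t soa` output quoted in the thread.
SOA_SEEN = {"comune.bardolino.vr.it": True, "bardolino.vr.it": False,
            "vr.it": False, "it": True}

def load_rules(text):
    """Parse PSL text: skip blanks and // comments, keep the first token."""
    lines = (l.strip() for l in text.splitlines())
    return {l.split()[0].lower() for l in lines if l and not l.startswith("//")}

def public_suffix(name, rules):
    """Longest matching rule wins; exception (!) rules override; default is the TLD."""
    labels = name.lower().rstrip(".").split(".")
    best = labels[-1:]
    for i in range(len(labels)):
        cand = labels[i:]
        joined = ".".join(cand)
        if "!" + joined in rules:
            return ".".join(cand[1:])      # exception: suffix is one label shorter
        wildcard = ".".join(["*"] + cand[1:])
        if (joined in rules or wildcard in rules) and len(cand) > len(best):
            best = cand
    return ".".join(best)

def registrable_domain(name, rules):
    """Public suffix plus one label, or None when the name is itself a suffix."""
    labels = name.lower().rstrip(".").split(".")
    n = len(public_suffix(name, rules).split("."))
    return ".".join(labels[-(n + 1):]) if len(labels) > n else None

def soa_gap(name, rules, soa_seen):
    """Return the registrable domain if it was observed without an SOA, else None."""
    org = registrable_domain(name, rules)
    return org if org is not None and soa_seen.get(org) is False else None

RULES = load_rules(PSL_SUBSET)

if __name__ == "__main__":
    for sender in ("e.comune.bardolino.vr.it", "ms11.hinet.net", "e.example.com"):
        print(sender, "->", registrable_domain(sender, RULES),
              "| SOA missing at:", soa_gap(sender, RULES, SOA_SEEN))
```

Names with no entry in `SOA_SEEN` (such as hinet.net, whose SOA is not shown in the thread) are reported as having no known gap rather than as passing.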


2023-05-09 Thread Stefano Bagnara via mailop
On Tue, 9 May 2023 at 04:10, John Levine wrote:
> It appears that Stefano Bagnara via mailop said:
> >Sounds like our standard senders using @e.example.com domain in their
> >RFC5321 are able to deliver to Yahoo while Italian municipalities
> >using, e.g.,  @e.comune.bardolino.vr.it (so 2 more levels) don't work.
>
> Well, yeah, because vr.it is in the PSL.  Same exact problem.

What would be the fix for this case? Where should we try to add the
missing SOA record? (I'm not sure we can do that, but at this time I
don't even get which SOA record should be added to which host in order
to fix the issue).

#1 host -t soa e.comune.bardolino.vr.it
e.comune.bardolino.vr.it is an alias for app.mailvox.it.
#2 host -t soa app.mailvox.it
app.mailvox.it has no SOA record
#3 host -t soa comune.bardolino.vr.it
comune.bardolino.vr.it has SOA record dns.technorail.com. hostmaster.comune.bardolino.vr.it. 1 86400 7200 2592000 3600
#4 host -t soa bardolino.vr.it
bardolino.vr.it has no SOA record
#5 host -t soa vr.it
vr.it has no SOA record
#6 host -t soa it
it has SOA record dns.nic.it. hostmaster.nic.it. 2023050909 10800 900 604800 3600

I guess it is not the missing SOA at #2 because all of our senders
share that step and most of them show no issues.
So maybe the issue is the missing SOA at #4/#5, but this would be out
of control by me or my customer (the municipality of Bardolino).

Maybe Yahoo has to whitelist us somehow? I wrote them.

-- 
Stefano Bagnara
Apache James/jDKIM/jSPF
VOXmail/Mosaico.io/VoidLabs

2023-05-08 Thread John Levine via mailop
It appears that Stefano Bagnara via mailop said:
>On Mon, 8 May 2023 at 20:50, Marcel Becker via mailop wrote:
>> I can't speak for the Yahoo of over a decade ago, but I can assure you that
>> the Yahoo of today will respond and try to help you if you actually
>> reach out to us having a problem delivering your mail people actually want.
>
>We think we see these SOA issues for our Italian municipality senders.
>
>Sounds like our standard senders using @e.example.com domain in their
>RFC5321 are able to deliver to Yahoo while Italian municipalities
>using, e.g.,  @e.comune.bardolino.vr.it (so 2 more levels) don't work.

Well, yeah, because vr.it is in the PSL.  Same exact problem.

>(I have a lot of cases confirming both working and not working cases:
>the non working are all the "*.comune.*.[a-z][a-z].it").

I'm guessing these are the ones, since they're all in the PSL:


// Reserved geo-names (regions and provinces):
// https://www.nic.it/sites/default/files/archivio/docs/Regulation_assignation_v7.1.pdf