Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix
Quoting Pieter Lexis : Hi Michael, On Thu, 18 Aug 2016 14:20:25 + Michael wrote: Last week I updated to Ubuntu 16.04. So I have a new Postfix version (3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2). Since this update Postfix does not receive correct answers for a particular query anymore. Concretely, queries for A entries of Office365 mail servers. For example if Postfix asks for the A entry of nxp-com.mail.protection.outlook.com, pdns_recursor returns to Postfix that there does not exists a A record. However, if I manually do this query with dig, I do get an correct answer. Please see the logs at the end of the mail. Besides the queries of Office365 mail servers, the rest is working fine. I have no idea how to track down that issue? Is there any setting in pdns_recursor I have to change? Postfix might be asking for DNSSEC, which is finiky in the alpha version Ubuntu pulled in. Can you install 4.0.1 from our repositories[1] and try again? 4.0.1 has about 5 months more development time in it. Thanks a lot! Updating to 4.0.1 solved the problem for me. Regards, Michael ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix
> On Aug 18, 2016, at 8:11 AM, David wrote: > > On 2016-08-18 8:37 AM, Pieter Lexis wrote: >> Hi Michael, >> >> On Thu, 18 Aug 2016 14:20:25 + >> Michael wrote: >> >>> Last week I updated to Ubuntu 16.04. So I have a new Postfix version >>> (3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2). >>> >>> Since this update Postfix does not receive correct answers for a >>> particular query anymore. Concretely, queries for A entries of >>> Office365 mail servers. >>> >>> For example if Postfix asks for the A entry of >>> nxp-com.mail.protection.outlook.com, pdns_recursor returns to Postfix >>> that there does not exists a A record. >>> However, if I manually do this query with dig, I do get an correct >>> answer. Please see the logs at the end of the mail. >>> >>> Besides the queries of Office365 mail servers, the rest is working >>> fine. I have no idea how to track down that issue? Is there any >>> setting in pdns_recursor I have to change? >> >> Postfix might be asking for DNSSEC, which is finiky in the alpha version >> Ubuntu pulled in. Can you install 4.0.1 from our repositories[1] and try >> again? 4.0.1 has about 5 months more development time in it. >> > > Also see: https://www.mail-archive.com/mailop@mailop.org/msg01648.html for > more information on how Microsoft does DNS and the issues encountered with > Office365. (DNSSEC and EDNS issues, IIRC). > Their load balancers return FORMERR in response to DNSSEC (or any EDNS, I presume) requests. It's been an ongoing issue (and I've seen it cause resolution problems previously, with pdns_recursor 3.something). Speculation was that it was something to do with short TTLs and/or packet size limitations somewhere on the resolution path. I don't think anyone has looked at the traffic deeply enough to say for sure. Cheers, Steve ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix
On 2016-08-18 8:37 AM, Pieter Lexis wrote: Hi Michael, On Thu, 18 Aug 2016 14:20:25 + Michael wrote: Last week I updated to Ubuntu 16.04. So I have a new Postfix version (3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2). Since this update Postfix does not receive correct answers for a particular query anymore. Concretely, queries for A entries of Office365 mail servers. For example if Postfix asks for the A entry of nxp-com.mail.protection.outlook.com, pdns_recursor returns to Postfix that there does not exists a A record. However, if I manually do this query with dig, I do get an correct answer. Please see the logs at the end of the mail. Besides the queries of Office365 mail servers, the rest is working fine. I have no idea how to track down that issue? Is there any setting in pdns_recursor I have to change? Postfix might be asking for DNSSEC, which is finiky in the alpha version Ubuntu pulled in. Can you install 4.0.1 from our repositories[1] and try again? 4.0.1 has about 5 months more development time in it. Also see: https://www.mail-archive.com/mailop@mailop.org/msg01648.html for more information on how Microsoft does DNS and the issues encountered with Office365. (DNSSEC and EDNS issues, IIRC). Best regards, Pieter 1 - https://repo.powerdns.com ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix
Hi Michael, On Thu, 18 Aug 2016 14:20:25 + Michael wrote: > Last week I updated to Ubuntu 16.04. So I have a new Postfix version > (3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2). > > Since this update Postfix does not receive correct answers for a > particular query anymore. Concretely, queries for A entries of > Office365 mail servers. > > For example if Postfix asks for the A entry of > nxp-com.mail.protection.outlook.com, pdns_recursor returns to Postfix > that there does not exists a A record. > However, if I manually do this query with dig, I do get an correct > answer. Please see the logs at the end of the mail. > > Besides the queries of Office365 mail servers, the rest is working > fine. I have no idea how to track down that issue? Is there any > setting in pdns_recursor I have to change? Postfix might be asking for DNSSEC, which is finiky in the alpha version Ubuntu pulled in. Can you install 4.0.1 from our repositories[1] and try again? 4.0.1 has about 5 months more development time in it. Best regards, Pieter 1 - https://repo.powerdns.com -- Pieter Lexis PowerDNS.COM BV -- https://www.powerdns.com ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix
Hi, thanks for the answer. Since I can see the query from Postfix in the logs of PDNS_recursor, I assume Postfix is communicating with the recursor correctly. Here is the content of /var/spool/postfix/etc/resolv.conf root@mx0:~# cat /var/spool/postfix/etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 127.0.0.1 Thanks, Michael Quoting Leen Besselink : Hi, Sounds like a strange problem. Just to make sure it's set up correctly. Could you check that Postfix is talking to PowerDNS Recursor ? Because Postifx has a seperate resolv.conf (which gets updated when starting Postfix): /var/spool/postfix/etc/resolv.conf On Thu, Aug 18, 2016 at 02:20:25PM +, Michael wrote: Hi all, I have been using pdns_recursor package on my Ubuntu 14.04 quite some time to resolve host names locally. That worked fine for the entire system. Last week I updated to Ubuntu 16.04. So I have a new Postfix version (3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2). Since this update Postfix does not receive correct answers for a particular query anymore. Concretely, queries for A entries of Office365 mail servers. For example if Postfix asks for the A entry of nxp-com.mail.protection.outlook.com, pdns_recursor returns to Postfix that there does not exists a A record. However, if I manually do this query with dig, I do get an correct answer. Please see the logs at the end of the mail. Besides the queries of Office365 mail servers, the rest is working fine. I have no idea how to track down that issue? Is there any setting in pdns_recursor I have to change? Thanks, Michael Postfix log = Aug 15 18:21:07 mx0 postfix/qmgr[2715]: 39EF2A40EA2: from=, size=865, nrcpt=1 (queue active) Aug 15 18:21:08 mx0 postfix/smtp[2907]: warning: no MX host for nxp.com has a valid address record Aug 15 18:21:08 mx0 postfix/smtp[2907]: 39EF2A40EA2: to=, relay=none, delay=1492, delays=1492/0.12/0.81/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=nxp-com.mail.protection.outlook.com type=A: Host not found, try again) = pdns_recursor log after Postfix query = Aug 15 18:21:07 mx0 pdns_recursor[2512]: 1 [16/1] question for 'nxp.com.|MX' from 127.0.0.1 Aug 15 18:21:08 mx0 pdns_recursor[2512]: 1 [16/2] answer to question 'nxp.com.|MX': 1 answers, 0 additional, took 2 packets, 147.186 ms, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0 Aug 15 18:21:08 mx0 pdns_recursor[2512]: 2 [9/2] question for 'nxp-com.mail.protection.outlook.com.|A' from 127.0.0.1 Aug 15 18:21:08 mx0 pdns_recursor[2512]: 2 [9/2] answer to question 'nxp-com.mail.protection.outlook.com.|A': 0 answers, 1 additional, took 9 packets, 595.218 ms, 3 throttled, 0 timeouts, 0 tcp connections, rcode=2 = pdns_log after dig query = Aug 15 17:52:20 mx0 pdns_recursor[2520]: 2 [53/1] question for 'nxp-com.mail.protection.outlook.com.|A' from 127.0.0.1 Aug 15 17:52:21 mx0 pdns_recursor[2520]: 2 [53/1] answer to question 'nxp-com.mail.protection.outlook.com.|A': 2 answers, 1 additional, took 2 packets, 111.056 ms, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0 = ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix
Hi, Sounds like a strange problem. Just to make sure it's set up correctly. Could you check that Postfix is talking to PowerDNS Recursor ? Because Postifx has a seperate resolv.conf (which gets updated when starting Postfix): /var/spool/postfix/etc/resolv.conf On Thu, Aug 18, 2016 at 02:20:25PM +, Michael wrote: > Hi all, > > I have been using pdns_recursor package on my Ubuntu 14.04 quite > some time to resolve host names locally. That worked fine for the > entire system. > > Last week I updated to Ubuntu 16.04. So I have a new Postfix version > (3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2). > > Since this update Postfix does not receive correct answers for a > particular query anymore. Concretely, queries for A entries of > Office365 mail servers. > > For example if Postfix asks for the A entry of > nxp-com.mail.protection.outlook.com, pdns_recursor returns to > Postfix that there does not exists a A record. > However, if I manually do this query with dig, I do get an correct > answer. Please see the logs at the end of the mail. > > Besides the queries of Office365 mail servers, the rest is working > fine. I have no idea how to track down that issue? Is there any > setting in pdns_recursor I have to change? > > Thanks, > Michael > > > Postfix log > = > Aug 15 18:21:07 mx0 postfix/qmgr[2715]: 39EF2A40EA2: > from=, size=865, nrcpt=1 (queue active) > Aug 15 18:21:08 mx0 postfix/smtp[2907]: warning: no MX host for > nxp.com has a valid address record > Aug 15 18:21:08 mx0 postfix/smtp[2907]: 39EF2A40EA2: > to=, relay=none, delay=1492, delays=1492/0.12/0.81/0, > dsn=4.4.3, status=deferred (Host or domain name not found. Name > service error for name=nxp-com.mail.protection.outlook.com type=A: > Host not found, try again) > = > > pdns_recursor log after Postfix query > = > Aug 15 18:21:07 mx0 pdns_recursor[2512]: 1 [16/1] question for > 'nxp.com.|MX' from 127.0.0.1 > Aug 15 18:21:08 mx0 pdns_recursor[2512]: 1 [16/2] answer to question > 'nxp.com.|MX': 1 answers, 0 additional, took 2 packets, 147.186 ms, > 0 throttled, 0 timeouts, 0 tcp connections, rcode=0 > Aug 15 18:21:08 mx0 pdns_recursor[2512]: 2 [9/2] question for > 'nxp-com.mail.protection.outlook.com.|A' from 127.0.0.1 > Aug 15 18:21:08 mx0 pdns_recursor[2512]: 2 [9/2] answer to question > 'nxp-com.mail.protection.outlook.com.|A': 0 answers, 1 additional, > took 9 packets, 595.218 ms, 3 throttled, 0 timeouts, 0 tcp > connections, rcode=2 > = > > pdns_log after dig query > = > Aug 15 17:52:20 mx0 pdns_recursor[2520]: 2 [53/1] question for > 'nxp-com.mail.protection.outlook.com.|A' from 127.0.0.1 > Aug 15 17:52:21 mx0 pdns_recursor[2520]: 2 [53/1] answer to question > 'nxp-com.mail.protection.outlook.com.|A': 2 answers, 1 additional, > took 2 packets, 111.056 ms, 0 throttled, 0 timeouts, 0 tcp > connections, rcode=0 > = > > ___ > Pdns-users mailing list > Pdns-users@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/pdns-users ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix
Hi all, I have been using pdns_recursor package on my Ubuntu 14.04 quite some time to resolve host names locally. That worked fine for the entire system. Last week I updated to Ubuntu 16.04. So I have a new Postfix version (3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2). Since this update Postfix does not receive correct answers for a particular query anymore. Concretely, queries for A entries of Office365 mail servers. For example if Postfix asks for the A entry of nxp-com.mail.protection.outlook.com, pdns_recursor returns to Postfix that there does not exists a A record. However, if I manually do this query with dig, I do get an correct answer. Please see the logs at the end of the mail. Besides the queries of Office365 mail servers, the rest is working fine. I have no idea how to track down that issue? Is there any setting in pdns_recursor I have to change? Thanks, Michael Postfix log = Aug 15 18:21:07 mx0 postfix/qmgr[2715]: 39EF2A40EA2: from=, size=865, nrcpt=1 (queue active) Aug 15 18:21:08 mx0 postfix/smtp[2907]: warning: no MX host for nxp.com has a valid address record Aug 15 18:21:08 mx0 postfix/smtp[2907]: 39EF2A40EA2: to=, relay=none, delay=1492, delays=1492/0.12/0.81/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=nxp-com.mail.protection.outlook.com type=A: Host not found, try again) = pdns_recursor log after Postfix query = Aug 15 18:21:07 mx0 pdns_recursor[2512]: 1 [16/1] question for 'nxp.com.|MX' from 127.0.0.1 Aug 15 18:21:08 mx0 pdns_recursor[2512]: 1 [16/2] answer to question 'nxp.com.|MX': 1 answers, 0 additional, took 2 packets, 147.186 ms, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0 Aug 15 18:21:08 mx0 pdns_recursor[2512]: 2 [9/2] question for 'nxp-com.mail.protection.outlook.com.|A' from 127.0.0.1 Aug 15 18:21:08 mx0 pdns_recursor[2512]: 2 [9/2] answer to question 'nxp-com.mail.protection.outlook.com.|A': 0 answers, 1 additional, took 9 packets, 595.218 ms, 3 throttled, 0 timeouts, 0 tcp connections, rcode=2 = pdns_log after dig query = Aug 15 17:52:20 mx0 pdns_recursor[2520]: 2 [53/1] question for 'nxp-com.mail.protection.outlook.com.|A' from 127.0.0.1 Aug 15 17:52:21 mx0 pdns_recursor[2520]: 2 [53/1] answer to question 'nxp-com.mail.protection.outlook.com.|A': 2 answers, 1 additional, took 2 packets, 111.056 ms, 0 throttled, 0 timeouts, 0 tcp connections, rcode=0 = ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users