subject:"\[Pdns\-users\] PowerDNS Recursor does not provide correct answer to Postfix"

Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

2016-08-18 Thread Michael


Quoting Pieter Lexis :


Hi Michael,

On Thu, 18 Aug 2016 14:20:25 +
Michael  wrote:


Last week I updated to Ubuntu 16.04. So I have a new Postfix version
(3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2).

Since this update Postfix does not receive correct answers for a
particular query anymore. Concretely, queries for A entries of
Office365 mail servers.

For example if Postfix asks for the A entry of
nxp-com.mail.protection.outlook.com, pdns_recursor returns to Postfix
that there does not exists a A record.
However, if I manually do this query with dig, I do get an correct
answer. Please see the logs at the end of the mail.

Besides the queries of Office365 mail servers, the rest is working
fine. I have no idea how to track down that issue? Is there any
setting in pdns_recursor I have to change?


Postfix might be asking for DNSSEC, which is finiky in the alpha  
version Ubuntu pulled in. Can you install 4.0.1 from our  
repositories[1] and try again? 4.0.1 has about 5 months more  
development time in it.


Thanks a lot!
Updating to 4.0.1 solved the problem for me.

Regards,
Michael

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

2016-08-18 Thread Steve Atkins


> On Aug 18, 2016, at 8:11 AM, David  wrote:
> 
> On 2016-08-18 8:37 AM, Pieter Lexis wrote:
>> Hi Michael,
>> 
>> On Thu, 18 Aug 2016 14:20:25 +
>> Michael  wrote:
>> 
>>> Last week I updated to Ubuntu 16.04. So I have a new Postfix version
>>> (3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2).
>>> 
>>> Since this update Postfix does not receive correct answers for a
>>> particular query anymore. Concretely, queries for A entries of
>>> Office365 mail servers.
>>> 
>>> For example if Postfix asks for the A entry of
>>> nxp-com.mail.protection.outlook.com, pdns_recursor returns to Postfix
>>> that there does not exists a A record.
>>> However, if I manually do this query with dig, I do get an correct
>>> answer. Please see the logs at the end of the mail.
>>> 
>>> Besides the queries of Office365 mail servers, the rest is working
>>> fine. I have no idea how to track down that issue? Is there any
>>> setting in pdns_recursor I have to change?
>> 
>> Postfix might be asking for DNSSEC, which is finiky in the alpha version 
>> Ubuntu pulled in. Can you install 4.0.1 from our repositories[1] and try 
>> again? 4.0.1 has about 5 months more development time in it.
>> 
> 
> Also see: https://www.mail-archive.com/mailop@mailop.org/msg01648.html for 
> more information on how Microsoft does DNS and the issues encountered with 
> Office365. (DNSSEC and EDNS issues, IIRC).
> 

Their load balancers return FORMERR in response to DNSSEC (or any EDNS, I 
presume) requests. It's been an ongoing issue (and I've seen it cause 
resolution problems previously, with pdns_recursor 3.something).

Speculation was that it was something to do with short TTLs and/or packet size 
limitations somewhere on the resolution path. I don't think anyone has looked 
at the traffic deeply enough to say for sure.

Cheers,
  Steve
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

2016-08-18 Thread David


On 2016-08-18 8:37 AM, Pieter Lexis wrote:

Hi Michael,

On Thu, 18 Aug 2016 14:20:25 +
Michael  wrote:


Last week I updated to Ubuntu 16.04. So I have a new Postfix version
(3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2).

Since this update Postfix does not receive correct answers for a
particular query anymore. Concretely, queries for A entries of
Office365 mail servers.

For example if Postfix asks for the A entry of
nxp-com.mail.protection.outlook.com, pdns_recursor returns to Postfix
that there does not exists a A record.
However, if I manually do this query with dig, I do get an correct
answer. Please see the logs at the end of the mail.

Besides the queries of Office365 mail servers, the rest is working
fine. I have no idea how to track down that issue? Is there any
setting in pdns_recursor I have to change?


Postfix might be asking for DNSSEC, which is finiky in the alpha version Ubuntu 
pulled in. Can you install 4.0.1 from our repositories[1] and try again? 4.0.1 
has about 5 months more development time in it.



Also see: https://www.mail-archive.com/mailop@mailop.org/msg01648.html 
for more information on how Microsoft does DNS and the issues 
encountered with Office365. (DNSSEC and EDNS issues, IIRC).




Best regards,

Pieter

1 - https://repo.powerdns.com



___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

2016-08-18 Thread Pieter Lexis

Hi Michael,

On Thu, 18 Aug 2016 14:20:25 +
Michael  wrote:

> Last week I updated to Ubuntu 16.04. So I have a new Postfix version  
> (3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2).
> 
> Since this update Postfix does not receive correct answers for a  
> particular query anymore. Concretely, queries for A entries of  
> Office365 mail servers.
> 
> For example if Postfix asks for the A entry of  
> nxp-com.mail.protection.outlook.com, pdns_recursor returns to Postfix  
> that there does not exists a A record.
> However, if I manually do this query with dig, I do get an correct  
> answer. Please see the logs at the end of the mail.
> 
> Besides the queries of Office365 mail servers, the rest is working  
> fine. I have no idea how to track down that issue? Is there any  
> setting in pdns_recursor I have to change?

Postfix might be asking for DNSSEC, which is finiky in the alpha version Ubuntu 
pulled in. Can you install 4.0.1 from our repositories[1] and try again? 4.0.1 
has about 5 months more development time in it.

Best regards,

Pieter

1 - https://repo.powerdns.com

-- 
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

2016-08-18 Thread Michael


Hi,

thanks for the answer.

Since I can see the query from Postfix in the logs of PDNS_recursor, I  
assume Postfix is communicating with the recursor correctly.


Here is the content of /var/spool/postfix/etc/resolv.conf

root@mx0:~# cat /var/spool/postfix/etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

Thanks,
Michael

Quoting Leen Besselink :


Hi,

Sounds like a strange problem.

Just to make sure it's set up correctly.

Could you check that Postfix is talking to PowerDNS Recursor ?  
Because Postifx has a seperate resolv.conf (which gets updated when  
starting Postfix):


/var/spool/postfix/etc/resolv.conf

On Thu, Aug 18, 2016 at 02:20:25PM +, Michael wrote:

Hi all,

I have been using pdns_recursor package on my Ubuntu 14.04 quite
some time to resolve host names locally. That worked fine for the
entire system.

Last week I updated to Ubuntu 16.04. So I have a new Postfix version
(3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2).

Since this update Postfix does not receive correct answers for a
particular query anymore. Concretely, queries for A entries of
Office365 mail servers.

For example if Postfix asks for the A entry of
nxp-com.mail.protection.outlook.com, pdns_recursor returns to
Postfix that there does not exists a A record.
However, if I manually do this query with dig, I do get an correct
answer. Please see the logs at the end of the mail.

Besides the queries of Office365 mail servers, the rest is working
fine. I have no idea how to track down that issue? Is there any
setting in pdns_recursor I have to change?

Thanks,
Michael


Postfix log
=
Aug 15 18:21:07 mx0 postfix/qmgr[2715]: 39EF2A40EA2:
from=, size=865, nrcpt=1 (queue active)
Aug 15 18:21:08 mx0 postfix/smtp[2907]: warning: no MX host for
nxp.com has a valid address record
Aug 15 18:21:08 mx0 postfix/smtp[2907]: 39EF2A40EA2:
to=, relay=none, delay=1492, delays=1492/0.12/0.81/0,
dsn=4.4.3, status=deferred (Host or domain name not found. Name
service error for name=nxp-com.mail.protection.outlook.com type=A:
Host not found, try again)
=

pdns_recursor log after Postfix query
=
Aug 15 18:21:07 mx0 pdns_recursor[2512]: 1 [16/1] question for
'nxp.com.|MX' from 127.0.0.1
Aug 15 18:21:08 mx0 pdns_recursor[2512]: 1 [16/2] answer to question
'nxp.com.|MX': 1 answers, 0 additional, took 2 packets, 147.186 ms,
0 throttled, 0 timeouts, 0 tcp connections, rcode=0
Aug 15 18:21:08 mx0 pdns_recursor[2512]: 2 [9/2] question for
'nxp-com.mail.protection.outlook.com.|A' from 127.0.0.1
Aug 15 18:21:08 mx0 pdns_recursor[2512]: 2 [9/2] answer to question
'nxp-com.mail.protection.outlook.com.|A': 0 answers, 1 additional,
took 9 packets, 595.218 ms, 3 throttled, 0 timeouts, 0 tcp
connections, rcode=2
=

pdns_log after dig query
=
Aug 15 17:52:20 mx0 pdns_recursor[2520]: 2 [53/1] question for
'nxp-com.mail.protection.outlook.com.|A' from 127.0.0.1
Aug 15 17:52:21 mx0 pdns_recursor[2520]: 2 [53/1] answer to question
'nxp-com.mail.protection.outlook.com.|A': 2 answers, 1 additional,
took 2 packets, 111.056 ms, 0 throttled, 0 timeouts, 0 tcp
connections, rcode=0
=

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users




___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

2016-08-18 Thread Leen Besselink

Hi,

Sounds like a strange problem.

Just to make sure it's set up correctly.

Could you check that Postfix is talking to PowerDNS Recursor ? Because Postifx 
has a seperate resolv.conf (which gets updated when starting Postfix):

/var/spool/postfix/etc/resolv.conf

On Thu, Aug 18, 2016 at 02:20:25PM +, Michael wrote:
> Hi all,
> 
> I have been using pdns_recursor package on my Ubuntu 14.04 quite
> some time to resolve host names locally. That worked fine for the
> entire system.
> 
> Last week I updated to Ubuntu 16.04. So I have a new Postfix version
> (3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2).
> 
> Since this update Postfix does not receive correct answers for a
> particular query anymore. Concretely, queries for A entries of
> Office365 mail servers.
> 
> For example if Postfix asks for the A entry of
> nxp-com.mail.protection.outlook.com, pdns_recursor returns to
> Postfix that there does not exists a A record.
> However, if I manually do this query with dig, I do get an correct
> answer. Please see the logs at the end of the mail.
> 
> Besides the queries of Office365 mail servers, the rest is working
> fine. I have no idea how to track down that issue? Is there any
> setting in pdns_recursor I have to change?
> 
> Thanks,
> Michael
> 
> 
> Postfix log
> =
> Aug 15 18:21:07 mx0 postfix/qmgr[2715]: 39EF2A40EA2:
> from=, size=865, nrcpt=1 (queue active)
> Aug 15 18:21:08 mx0 postfix/smtp[2907]: warning: no MX host for
> nxp.com has a valid address record
> Aug 15 18:21:08 mx0 postfix/smtp[2907]: 39EF2A40EA2:
> to=, relay=none, delay=1492, delays=1492/0.12/0.81/0,
> dsn=4.4.3, status=deferred (Host or domain name not found. Name
> service error for name=nxp-com.mail.protection.outlook.com type=A:
> Host not found, try again)
> =
> 
> pdns_recursor log after Postfix query
> =
> Aug 15 18:21:07 mx0 pdns_recursor[2512]: 1 [16/1] question for
> 'nxp.com.|MX' from 127.0.0.1
> Aug 15 18:21:08 mx0 pdns_recursor[2512]: 1 [16/2] answer to question
> 'nxp.com.|MX': 1 answers, 0 additional, took 2 packets, 147.186 ms,
> 0 throttled, 0 timeouts, 0 tcp connections, rcode=0
> Aug 15 18:21:08 mx0 pdns_recursor[2512]: 2 [9/2] question for
> 'nxp-com.mail.protection.outlook.com.|A' from 127.0.0.1
> Aug 15 18:21:08 mx0 pdns_recursor[2512]: 2 [9/2] answer to question
> 'nxp-com.mail.protection.outlook.com.|A': 0 answers, 1 additional,
> took 9 packets, 595.218 ms, 3 throttled, 0 timeouts, 0 tcp
> connections, rcode=2
> =
> 
> pdns_log after dig query
> =
> Aug 15 17:52:20 mx0 pdns_recursor[2520]: 2 [53/1] question for
> 'nxp-com.mail.protection.outlook.com.|A' from 127.0.0.1
> Aug 15 17:52:21 mx0 pdns_recursor[2520]: 2 [53/1] answer to question
> 'nxp-com.mail.protection.outlook.com.|A': 2 answers, 1 additional,
> took 2 packets, 111.056 ms, 0 throttled, 0 timeouts, 0 tcp
> connections, rcode=0
> =
> 
> ___
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

[Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

2016-08-18 Thread Michael


Hi all,

I have been using pdns_recursor package on my Ubuntu 14.04 quite some  
time to resolve host names locally. That worked fine for the entire  
system.


Last week I updated to Ubuntu 16.04. So I have a new Postfix version  
(3.1.0) as well as a new pdns_recursor version (4.0.0-alpha2).


Since this update Postfix does not receive correct answers for a  
particular query anymore. Concretely, queries for A entries of  
Office365 mail servers.


For example if Postfix asks for the A entry of  
nxp-com.mail.protection.outlook.com, pdns_recursor returns to Postfix  
that there does not exists a A record.
However, if I manually do this query with dig, I do get an correct  
answer. Please see the logs at the end of the mail.


Besides the queries of Office365 mail servers, the rest is working  
fine. I have no idea how to track down that issue? Is there any  
setting in pdns_recursor I have to change?


Thanks,
Michael


Postfix log
=
Aug 15 18:21:07 mx0 postfix/qmgr[2715]: 39EF2A40EA2:  
from=, size=865, nrcpt=1 (queue active)
Aug 15 18:21:08 mx0 postfix/smtp[2907]: warning: no MX host for  
nxp.com has a valid address record
Aug 15 18:21:08 mx0 postfix/smtp[2907]: 39EF2A40EA2:  
to=, relay=none, delay=1492, delays=1492/0.12/0.81/0,  
dsn=4.4.3, status=deferred (Host or domain name not found. Name  
service error for name=nxp-com.mail.protection.outlook.com type=A:  
Host not found, try again)

=

pdns_recursor log after Postfix query
=
Aug 15 18:21:07 mx0 pdns_recursor[2512]: 1 [16/1] question for  
'nxp.com.|MX' from 127.0.0.1
Aug 15 18:21:08 mx0 pdns_recursor[2512]: 1 [16/2] answer to question  
'nxp.com.|MX': 1 answers, 0 additional, took 2 packets, 147.186 ms, 0  
throttled, 0 timeouts, 0 tcp connections, rcode=0
Aug 15 18:21:08 mx0 pdns_recursor[2512]: 2 [9/2] question for  
'nxp-com.mail.protection.outlook.com.|A' from 127.0.0.1
Aug 15 18:21:08 mx0 pdns_recursor[2512]: 2 [9/2] answer to question  
'nxp-com.mail.protection.outlook.com.|A': 0 answers, 1 additional,  
took 9 packets, 595.218 ms, 3 throttled, 0 timeouts, 0 tcp  
connections, rcode=2

=

pdns_log after dig query
=
Aug 15 17:52:20 mx0 pdns_recursor[2520]: 2 [53/1] question for  
'nxp-com.mail.protection.outlook.com.|A' from 127.0.0.1
Aug 15 17:52:21 mx0 pdns_recursor[2520]: 2 [53/1] answer to question  
'nxp-com.mail.protection.outlook.com.|A': 2 answers, 1 additional,  
took 2 packets, 111.056 ms, 0 throttled, 0 timeouts, 0 tcp  
connections, rcode=0

=

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

Re: [Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

[Pdns-users] PowerDNS Recursor does not provide correct answer to Postfix

7 matches

Site Navigation

Mail list logo

Footer information