I think I found the reason. using 'co.delaware.pa.us'
us - TLD pa.us - TLD delaware.pa.us - invalid !!! co.delaware.pa.us - valid pa.us is a TLD - but there are also sub domains registered as TLD like cc.pa.us or lib.pa.us (and others) - BUT not delaware.pa.us The really strange thing is, that 'delaware.pa.us' it self is invalid, but subdomains like 'co.delaware.pa.us' are valid. To be not too strict, assp has tested the domain (delaware.pa.us) of the host (co.delaware.pa.us) the logic of assp: Because (pa.us) is a TLD and (delaware.pa.us) is not a TLD , ( delaware.pa.us) must be a registered user domain and (co.delaware.pa.us) must be a host. I'll try to workaround this. But first I'll ask IANA and will force them to close the .us TLD but at least the pa.us domain :):) Thomas Von: K Post <nntp.p...@gmail.com> An: ASSP development mailing list <assp-test@lists.sourceforge.net> Datum: 06.04.2016 06:01 Betreff: Re: [Assp-test] can't find a name server registration I hear yah loud and clear on the nxdomain for the stupid Navy subdomains. I'm sure it's a valid subdomain internally and they just aren't thinking when emailing out.... Forget about that one, it's clearly a misconfiguration on their end. But the multiple co.county.status.us domain problem is baffling. We've got 3 dns servers here, none seem to have any problem resolving anything - I've never seen one of these county long domain (multi part) timeout during manual tests. Just weird that these are the only ones that cause a warning besides legit nxdomains. Looking at the log, it appears that just 1 second passes between the connection to ASSP and the warning message Warning: can't find a name server registration for the sender domain... Is there a way to enable DNS debugging only for these types of domains or do I need to turn on DebugSPF (from memory, I feel like that is the magic debug all DNS switch)? I'm wondering if there's some kind of perfect storm, there's too many dots in that domain name where the Net-DNS module or something fails. I don't see other domain names that we get mail from. What's odder is that I don't always get this warning with the domain names (which I agree makes it sound like a problem with our DNS servers, but I can't imagine what - there's no forwarders, there's 3 of them, they're all responsive and I never seem to be able to cause a failure) It's just a warning, but I'd hate do see something and not say something - or not say something only to discover that we've got something failing on our end that I didn't know about. If you're certain that it must be my DNS servers, say so one more time and I'll drop the discussion here. As always ,thanks. On Tue, Apr 5, 2016 at 12:58 PM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > ASSP does nothing else than ask YOUR DNS-server for 'ANY' DNS-entry. If > the DNS-server answers with 'NXDOMAIN' , there is no doubt for assp, that > this domain/host does'nt exist. This is NOT allowed in SMTP > > >I know that submail.navy.mil isn't valid > > So - using 'submail.navy.mil' in SMTP IS A FAULT. There is nothing to > 'don't know' 'think about','can','should' ......... > And because the host name is not valid, what else 'should' assp do, than > to skip all the following DNS queries for this host name > (SPF,DKIM,A,MX,....) - there is not 'ANY' DNS-entry? > > Again: > The 'DoRFC822' check hits ONLY, if any of the following is the case > > - the 'MAIL FROM' address has an invalid format > - the TLD (here mil) is not registered to IANA > - the answer of an 'ANY' query for the host name is 'NXDOMAIN' - (any > other error is ignored by assp) > > If the answer for 'co.county.state.us' is 'NXDOMAIN', you should check > your name server. It should never answer with 'NXDOMAIN' in case of a > timeout! > > Thomas > > > > Von: K Post <nntp.p...@gmail.com> > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > Datum: 05.04.2016 18:19 > Betreff: Re: [Assp-test] can't find a name server registration > > > > Terminology mixed me up I guess. Was thinking as the "domain name" as > what's registered with the registrar. What's being checked, I'd call the > "hostname" <-- but I'm wrong according to the RFC. Sorry for that. > > I know that submail.navy.mil isn't valid, but navy.mil certainly is. > Shouldn't ASSP find that though and not complain stating that no more DNS > checking will be done? > > And I don't understand what the problem is with co.delaware.pa.us and the > other co.county.state.us domains. They're valid domain/host names with mx > records. And it's only multiple part hostnames that show up as warnings > in > the logs as far as I can tell. > > Not really worried, just thought I'd bring it up to insure something wonky > isn't going on. > > Thanks > > > On Tue, Apr 5, 2016 at 12:08 PM, Thomas Eckardt > <thomas.ecka...@thockar.com> > wrote: > > > RFC5321 section 2.3.5. Domain Names > > > > ASSP is smart and ask for 'ANY' DNS registration for the domainpart of > the > > sender address - no entry -> no luck! > > > > disable 'DoRFC822' if this is not working for you > > > > Thomas > > > > > > > > > > > > Von: K Post <nntp.p...@gmail.com> > > An: ASSP development mailing list <assp-test@lists.sourceforge.net> > > Datum: 05.04.2016 17:01 > > Betreff: Re: [Assp-test] can't find a name server registration > > > > > > > > This problem hasn't gone away and it only seems to be with hostnames > that > > have more than 2 parts - > > > > For example: > > co.delaware.pa.us > > resolves just fine on the dns servers > > co.delaware.pa.us MX preference = 10, mail exchanger = > > co-delaware-pa-us.mail.protection.outlook.com > > > > co-delaware-pa-us.mail.protection.outlook.com internet address = > > 207.46.163.247 > > co-delaware-pa-us.mail.protection.outlook.com internet address = > > 207.46.163.215 > > co-delaware-pa-us.mail.protection.outlook.com internet address = > > 207.46.163.138 > > > > And > > submail.navy.mil > > *which doesn't seem to be a valid hostname, but shouldn't ASSP be > looking > > for a name server registration for navy.mil <http://navy.mil> and not > the > > full hostname? *I don't know, I'm asking. Just seems odd that the only > > time I get these warnings are for hostnames with more than just 2 parts. > > > > Thanks > > > > On Tue, Feb 23, 2016 at 12:44 PM, K Post <nntp.p...@gmail.com> wrote: > > > > > Seeing this again. This time: > > > Warning: can't find a name server registration for the sender domain ' > > > co.dodge.wi.us' - all DNS queries will be skipped! > > > > > > It seems that 99% of the time it's a long city / county domain name > like > > > co.dodge.wi.us ci.wilsonville.or.us co.geauga.oh.us and > > co.delaware.pa.us > > > > > > Thomas, any ideas? > > > > > > > > > On Mon, Feb 1, 2016 at 3:47 PM, K Post <nntp.p...@gmail.com> wrote: > > > > > >> At least it's not just me. > > >> > > >> James - FYI, you definitely don't want to use public DNS servers for > > ASSP > > >> - too slow and more importantly you could have trouble with things > like > > >> DNSBL, senderbase, etc where it's limited to a certain number of > > queries > > >> per IP. > > >> > > >> On Mon, Feb 1, 2016 at 2:36 PM, James Moe <ji...@sohnen-moe.com> > wrote: > > >> > > >>> -----BEGIN PGP SIGNED MESSAGE----- > > >>> Hash: SHA1 > > >>> > > >>> On 01/29/2016 11:10 AM, K Post wrote: > > >>> > I see this on occasion: > > >>> > > > >>> ASSP version 2.4.5(15334) > > >>> I have the same problem. > > >>> > > >>> > > >>> 2016-02-01 08:32:24 Warning: Name Server 205.171.3.65: does not > > >>> respond or timed out > > >>> 2016-02-01 08:32:24 Warning: Name Server 8.8.8.8: does not respond > or > > >>> timed out > > >>> 2016-02-01 08:33:24 Warning: Name Server 127.0.0.1: does not respond > > >>> or timed out > > >>> 2016-02-01 08:33:24 Warning: Name Server 205.171.3.65: does not > > >>> respond or timed out > > >>> 2016-02-01 08:33:24 Warning: Name Server 8.8.8.8: does not respond > or > > >>> timed out > > >>> 2016-02-01 09:32:49 Warning: Name Server 205.171.3.65: does not > > >>> respond or timed out > > >>> 2016-02-01 11:15:27 Warning: can't find a name server registration > for > > >>> the sender domain 'mktg.actonsoftware.com' - all DNS queries will be > > >>> skipped! > > >>> > > >>> > > >>> - -- > > >>> James Moe > > >>> moe dot james at sohnen-moe dot com > > >>> 520.743.3936 > > >>> -----BEGIN PGP SIGNATURE----- > > >>> Version: GnuPG v2 > > >>> > > >>> iEYEARECAAYFAlavs8cACgkQzTcr8Prq0ZMSPwCffuGpMYSd1e7/mqCD6AitMYbu > > >>> Jm8AnRxQrpenZVUHTwunXFg0E8HvMWYx > > >>> =e+8I > > >>> -----END PGP SIGNATURE----- > > >>> > > >>> > > >>> > > > > > > ------------------------------------------------------------------------------ > > >>> Site24x7 APM Insight: Get Deep Visibility into Application > Performance > > >>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > > >>> Monitor end-to-end web transactions and take corrective actions now > > >>> Troubleshoot faster and improve end-user experience. Signup Now! > > >>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 > > >>> _______________________________________________ > > >>> Assp-test mailing list > > >>> Assp-test@lists.sourceforge.net > > >>> https://lists.sourceforge.net/lists/listinfo/assp-test > > >>> > > >> > > >> > > > > > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > DISCLAIMER: > > ******************************************************* > > This email and any files transmitted with it may be confidential, > legally > > privileged and protected in law and are intended solely for the use of > the > > > > individual to whom it is addressed. > > This email was multiple times scanned for viruses. There should be no > > known virus in this email! > > ******************************************************* > > > > > > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
------------------------------------------------------------------------------
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
