Thomas Please see RFC 1480
https://www.ietf.org/rfc/rfc1480.txt.pdf That will explain the strange nomenclature used in the US locality domain structure. "co.delaware.pa.us" would be the government of Delaware County, Pennsylvania. The issue here is that the TLD ".us" delegates directly to "co.delaware.pa.us". The intermediate zones do not exist. My organization supports State government agencies under "state.tx.us" County government under "co.NAME.tx.us" City government under "ci.NAME.tx.us" where "NAME" is the name of the City or County. bryan.brad...@capnet.state.tx.us Department of Information Resources Communications Technology Services Network Operations Center - Information Technology On Wed, 2016-04-06 at 07:34 +0200, Thomas Eckardt wrote: > I think I found the reason. > > using 'co.delaware.pa.us' > > us - TLD > pa.us - TLD > delaware.pa.us - invalid !!! > co.delaware.pa.us - valid > > pa.us is a TLD - but there are also sub domains registered as TLD > like > cc.pa.us or lib.pa.us (and others) - BUT not delaware.pa.us > The really strange thing is, that 'delaware.pa.us' it self is > invalid, but > subdomains like 'co.delaware.pa.us' are valid. > > To be not too strict, assp has tested the domain (delaware.pa.us) of > the > host (co.delaware.pa.us) > the logic of assp: > Because (pa.us) is a TLD and (delaware.pa.us) is not a TLD , ( > delaware.pa.us) must be a registered user domain and > (co.delaware.pa.us) > must be a host. > > I'll try to workaround this. But first I'll ask IANA and will force > them > to close the .us TLD but at least the pa.us domain :):) > > Thomas > > > > > Von: K Post <nntp.p...@gmail.com> > An: ASSP development mailing list < > assp-test@lists.sourceforge.net> > Datum: 06.04.2016 06:01 > Betreff: Re: [Assp-test] can't find a name server registration > > > > I hear yah loud and clear on the nxdomain for the stupid Navy > subdomains. > I'm sure it's a valid subdomain internally and they just aren't > thinking > when emailing out.... Forget about that one, it's clearly a > misconfiguration on their end. > > But the multiple co.county.status.us domain problem is baffling. > We've > got > 3 dns servers here, none seem to have any problem resolving anything > - > I've > never seen one of these county long domain (multi part) timeout > during > manual tests. Just weird that these are the only ones that cause a > warning > besides legit nxdomains. Looking at the log, it appears that just 1 > second > passes between the connection to ASSP and the warning message > Warning: > can't find a name server registration for the sender domain... > > Is there a way to enable DNS debugging only for these types of > domains or > do I need to turn on DebugSPF (from memory, I feel like that is the > magic > debug all DNS switch)? > > I'm wondering if there's some kind of perfect storm, there's too many > dots > in that domain name where the Net-DNS module or something fails. I > don't > see other domain names that we get mail from. What's odder is that I > don't > always get this warning with the domain names (which I agree makes it > sound > like a problem with our DNS servers, but I can't imagine what - > there's no > forwarders, there's 3 of them, they're all responsive and I never > seem to > be able to cause a failure) > > It's just a warning, but I'd hate do see something and not say > something - > or not say something only to discover that we've got something > failing on > our end that I didn't know about. > > If you're certain that it must be my DNS servers, say so one more > time and > I'll drop the discussion here. > > As always ,thanks. > > On Tue, Apr 5, 2016 at 12:58 PM, Thomas Eckardt > <thomas.ecka...@thockar.com> > wrote: > > > ASSP does nothing else than ask YOUR DNS-server for 'ANY' DNS > > -entry. If > > the DNS-server answers with 'NXDOMAIN' , there is no doubt for > > assp, > that > > this domain/host does'nt exist. This is NOT allowed in SMTP > > > > > I know that submail.navy.mil isn't valid > > > > So - using 'submail.navy.mil' in SMTP IS A FAULT. There is nothing > > to > > 'don't know' 'think about','can','should' ......... > > And because the host name is not valid, what else 'should' assp do, > > than > > to skip all the following DNS queries for this host name > > (SPF,DKIM,A,MX,....) - there is not 'ANY' DNS-entry? > > > > Again: > > The 'DoRFC822' check hits ONLY, if any of the following is the case > > > > - the 'MAIL FROM' address has an invalid format > > - the TLD (here mil) is not registered to IANA > > - the answer of an 'ANY' query for the host name is 'NXDOMAIN' - > > (any > > other error is ignored by assp) > > > > If the answer for 'co.county.state.us' is 'NXDOMAIN', you should > > check > > your name server. It should never answer with 'NXDOMAIN' in case of > > a > > timeout! > > > > Thomas > > > > > > > > Von: K Post <nntp.p...@gmail.com> > > An: ASSP development mailing list < > > assp-test@lists.sourceforge.net> > > Datum: 05.04.2016 18:19 > > Betreff: Re: [Assp-test] can't find a name server > > registration > > > > > > > > Terminology mixed me up I guess. Was thinking as the "domain name" > > as > > what's registered with the registrar. What's being checked, I'd > > call > the > > "hostname" <-- but I'm wrong according to the RFC. Sorry for that. > > > > I know that submail.navy.mil isn't valid, but navy.mil certainly > > is. > > Shouldn't ASSP find that though and not complain stating that no > > more > DNS > > checking will be done? > > > > And I don't understand what the problem is with co.delaware.pa.us > > and > the > > other co.county.state.us domains. They're valid domain/host names > > with > mx > > records. And it's only multiple part hostnames that show up as > > warnings > > in > > the logs as far as I can tell. > > > > Not really worried, just thought I'd bring it up to insure > > something > wonky > > isn't going on. > > > > Thanks > > > > > > On Tue, Apr 5, 2016 at 12:08 PM, Thomas Eckardt > > <thomas.ecka...@thockar.com> > > wrote: > > > > > RFC5321 section 2.3.5. Domain Names > > > > > > ASSP is smart and ask for 'ANY' DNS registration for the > > > domainpart of > > the > > > sender address - no entry -> no luck! > > > > > > disable 'DoRFC822' if this is not working for you > > > > > > Thomas > > > > > > > > > > > > > > > > > > Von: K Post <nntp.p...@gmail.com> > > > An: ASSP development mailing list > <assp-test@lists.sourceforge.net> > > > Datum: 05.04.2016 17:01 > > > Betreff: Re: [Assp-test] can't find a name server > > > registration > > > > > > > > > > > > This problem hasn't gone away and it only seems to be with > > > hostnames > > that > > > have more than 2 parts - > > > > > > For example: > > > co.delaware.pa.us > > > resolves just fine on the dns servers > > > co.delaware.pa.us MX preference = 10, mail exchanger = > > > co-delaware-pa-us.mail.protection.outlook.com > > > > > > co-delaware-pa-us.mail.protection.outlook.com internet address > > > = > > > 207.46.163.247 > > > co-delaware-pa-us.mail.protection.outlook.com internet address > > > = > > > 207.46.163.215 > > > co-delaware-pa-us.mail.protection.outlook.com internet address > > > = > > > 207.46.163.138 > > > > > > And > > > submail.navy.mil > > > *which doesn't seem to be a valid hostname, but shouldn't ASSP be > > looking > > > for a name server registration for navy.mil <http://navy.mil> and > > > not > > the > > > full hostname? *I don't know, I'm asking. Just seems odd that > > > the > only > > > time I get these warnings are for hostnames with more than just 2 > parts. > > > > > > Thanks > > > > > > On Tue, Feb 23, 2016 at 12:44 PM, K Post <nntp.p...@gmail.com> > > > wrote: > > > > > > > Seeing this again. This time: > > > > Warning: can't find a name server registration for the sender > > > > domain > ' > > > > co.dodge.wi.us' - all DNS queries will be skipped! > > > > > > > > It seems that 99% of the time it's a long city / county domain > > > > name > > like > > > > co.dodge.wi.us ci.wilsonville.or.us co.geauga.oh.us and > > > co.delaware.pa.us > > > > > > > > Thomas, any ideas? > > > > > > > > > > > > On Mon, Feb 1, 2016 at 3:47 PM, K Post <nntp.p...@gmail.com> > > > > wrote: > > > > > > > > > At least it's not just me. > > > > > > > > > > James - FYI, you definitely don't want to use public DNS > > > > > servers > for > > > ASSP > > > > > - too slow and more importantly you could have trouble with > > > > > things > > like > > > > > DNSBL, senderbase, etc where it's limited to a certain number > > > > > of > > > queries > > > > > per IP. > > > > > > > > > > On Mon, Feb 1, 2016 at 2:36 PM, James Moe < > > > > > ji...@sohnen-moe.com> > > wrote: > > > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > Hash: SHA1 > > > > > > > > > > > > On 01/29/2016 11:10 AM, K Post wrote: > > > > > > > I see this on occasion: > > > > > > > > > > > > > ASSP version 2.4.5(15334) > > > > > > I have the same problem. > > > > > > > > > > > > > > > > > > 2016-02-01 08:32:24 Warning: Name Server 205.171.3.65: does > > > > > > not > > > > > > respond or timed out > > > > > > 2016-02-01 08:32:24 Warning: Name Server 8.8.8.8: does not > > > > > > respond > > or > > > > > > timed out > > > > > > 2016-02-01 08:33:24 Warning: Name Server 127.0.0.1: does > > > > > > not > respond > > > > > > or timed out > > > > > > 2016-02-01 08:33:24 Warning: Name Server 205.171.3.65: does > > > > > > not > > > > > > respond or timed out > > > > > > 2016-02-01 08:33:24 Warning: Name Server 8.8.8.8: does not > > > > > > respond > > or > > > > > > timed out > > > > > > 2016-02-01 09:32:49 Warning: Name Server 205.171.3.65: does > > > > > > not > > > > > > respond or timed out > > > > > > 2016-02-01 11:15:27 Warning: can't find a name server > > > > > > registration > > for > > > > > > the sender domain 'mktg.actonsoftware.com' - all DNS > > > > > > queries will > be > > > > > > skipped! > > > > > > > > > > > > > > > > > > - -- > > > > > > James Moe > > > > > > moe dot james at sohnen-moe dot com > > > > > > 520.743.3936 > > > > > > -----BEGIN PGP SIGNATURE----- > > > > > > Version: GnuPG v2 > > > > > > > > > > > > iEYEARECAAYFAlavs8cACgkQzTcr8Prq0ZMSPwCffuGpMYSd1e7/mqCD6Ai > > > > > > tMYbu > > > > > > Jm8AnRxQrpenZVUHTwunXFg0E8HvMWYx > > > > > > =e+8I > > > > > > -----END PGP SIGNATURE----- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > --------- > > > > > > Site24x7 APM Insight: Get Deep Visibility into Application > > Performance > > > > > > APM + Mobile APM + RUM: Monitor 3 App instances at just > > > > > > $35/Month > > > > > > Monitor end-to-end web transactions and take corrective > > > > > > actions > now > > > > > > Troubleshoot faster and improve end-user experience. Signup > > > > > > Now! > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu= > > > > > > /4140 > > > > > > _______________________________________________ > > > > > > Assp-test mailing list > > > > > > Assp-test@lists.sourceforge.net > > > > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > --------- > > > _______________________________________________ > > > Assp-test mailing list > > > Assp-test@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > > > > > DISCLAIMER: > > > ******************************************************* > > > This email and any files transmitted with it may be confidential, > > legally > > > privileged and protected in law and are intended solely for the > > > use of > > the > > > > > > individual to whom it is addressed. > > > This email was multiple times scanned for viruses. There should > > > be no > > > known virus in this email! > > > ******************************************************* > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > --------- > > > > > > _______________________________________________ > > > Assp-test mailing list > > > Assp-test@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > > --------------------------------------------------------------------- > --------- > > _______________________________________________ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > DISCLAIMER: > > ******************************************************* > > This email and any files transmitted with it may be confidential, > legally > > privileged and protected in law and are intended solely for the use > > of > the > > > > individual to whom it is addressed. > > This email was multiple times scanned for viruses. There should be > > no > > known virus in this email! > > ******************************************************* > > > > > > > > > --------------------------------------------------------------------- > --------- > > > > _______________________________________________ > > Assp-test mailing list > > Assp-test@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > --------------------------------------------------------------------- > --------- > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, > legally > privileged and protected in law and are intended solely for the use > of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > --------------------------------------------------------------------- > --------- > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
