On Fri, Oct 6, 2023 at 1:39 PM Craig Leres <[email protected]> wrote:
> On 10/6/23 11:34, Viktor Dukhovni wrote: > > While the nameservers behind that domain have various unfortunate > > limitations, they're minimally usable, and you should be able to resolve > > the A/AAAA records of the MX hosts with no issue. What specific problems > > is your unbound running into. I also use "unbound" and do not run into > > substatial issues with that domain: $ dig -t a > > outlook-com.olc.protection.outlook.com ; <<>> DiG 9.18.14 <<>> -t a > > outlook-com.olc.protection.outlook.com ;; global options: +cmd ;; Got > > answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63936 ;; > > flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT > > PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1400 ;; QUESTION > > SECTION: ;outlook-com.olc.protection.outlook.com. IN A ;; ANSWER > > SECTION: outlook-com.olc.protection.outlook.com. 300 IN A 52.101.73.0 > > outlook-com.olc.protection.outlook.com. 300 IN A 52.101.11.6 > > outlook-com.olc.protection.outlook.com. 300 IN A 52.101.8.37 > > outlook-com.olc.protection.outlook.com. 300 IN A 52.101.11.5 > > outlook-com.olc.protection.outlook.com. 300 IN A 52.101.73.27 > > outlook-com.olc.protection.outlook.com. 300 IN A 52.101.42.12 > > outlook-com.olc.protection.outlook.com. 300 IN A 52.101.73.31 ;; Query > > time: 119 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) ;; WHEN: Fri Oct > > 06 14:32:53 EDT 2023 ;; MSG SIZE rcvd: 179 So long as you don't try to > > look up TLSA records, or insist on using EDNS(0), even after a FORMERR > > response, you should be fine. > > I've had edns0 in resolv.conf for a really long time but even if I > comment that out I'm still unable to deliver mail. Also I get SERVFAIL > or a timeout if I lookup outlook-com.olc.protection.outlook.com. > > Craig > > dot 176 % host outlook-com.olc.protection.outlook.com > outlook-com.olc.protection.outlook.com has address 52.101.11.11 > outlook-com.olc.protection.outlook.com has address 52.101.68.20 > outlook-com.olc.protection.outlook.com has address 52.101.73.20 > outlook-com.olc.protection.outlook.com has address 52.101.73.3 > outlook-com.olc.protection.outlook.com has address 52.101.8.33 > outlook-com.olc.protection.outlook.com has address 52.101.68.4 > outlook-com.olc.protection.outlook.com has address 52.101.68.37 > Host outlook-com.olc.protection.outlook.com not found: 2(SERVFAIL) > dot 177 % host outlook-com.olc.protection.outlook.com > outlook-com.olc.protection.outlook.com has address 52.101.68.4 > outlook-com.olc.protection.outlook.com has address 52.101.68.37 > outlook-com.olc.protection.outlook.com has address 52.101.11.11 > outlook-com.olc.protection.outlook.com has address 52.101.68.20 > outlook-com.olc.protection.outlook.com has address 52.101.73.20 > outlook-com.olc.protection.outlook.com has address 52.101.73.3 > outlook-com.olc.protection.outlook.com has address 52.101.8.33 > ;; communications error to 127.0.0.2#53: timed out > ;; communications error to 127.0.0.2#53: timed out > ;; no servers could be reached > > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > Interesting, it works fine with dig, but I get the same error the author does when I use "host" I used to know the significant differences between "host" and "dig" but I have not used "host" in so long, I have forgotten them. -- jack
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
