My own office resolver running unbound has DNSSEC enabled with strict checking, and the response I get shows it is authenticated data: the "ad" flag is on. Based on that, DNSSEC is working for them as far as my understanding goes. My first guess was also it would be a DNSSEC issue.
; <<>> DiG 9.10.6 <<>> mail.mil mx ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25907 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;mail.mil. IN MX ;; ANSWER SECTION: mail.mil. 797 IN MX 10 pri-jeemsg.eemsg.mail.mil. mail.mil. 797 IN MX 20 sec-jeemsg.eemsg.mail.mil. ;; Query time: 0 msec ;; SERVER: 192.168.135.1#53(192.168.135.1) ;; WHEN: Thu May 03 09:51:57 EDT 2018 ;; MSG SIZE rcvd: 97 On Thu, May 3, 2018 at 9:32 AM, <frnk...@iname.com> wrote: > Looks to be a DNSsec issue ... please correct me if I have that wrong. > > Frank > > -----Original Message----- > From: Frank Bulk (frnk...@iname.com) <frnk...@iname.com> > Sent: Thursday, May 3, 2018 8:28 AM > To: 'mailop@mailop.org' (mailop@mailop.org) <mailop@mailop.org> > Subject: No MX records for mail.mil > > I haven't investigated this thoroughly, but it seems like mail.mil is not > returning MX records from certain DNS resolvers. > > Frank > > ============================================ > DNS server: 1.1.1.1 (Cloudflare DNS) > > ; <<>> DiG 9.7.3 <<>> MX mail.mil @1.1.1.1 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49376 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;mail.mil. IN MX > > ;; Query time: 67 msec > ;; SERVER: 1.1.1.1#53(1.1.1.1) > ;; WHEN: Thu May 3 08:24:43 2018 > ;; MSG SIZE rcvd: 26 > > ============================================ > DNS server: 1.0.0.1 (Cloudflare DNS) > > ; <<>> DiG 9.7.3 <<>> MX mail.mil @1.0.0.1 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39108 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;mail.mil. IN MX > > ;; Query time: 4171 msec > ;; SERVER: 1.0.0.1#53(1.0.0.1) > ;; WHEN: Thu May 3 08:24:47 2018 > ;; MSG SIZE rcvd: 26 > > ============================================ > DNS server: 8.8.8.8 (Google DNS) > > ; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.8.8 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29691 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;mail.mil. IN MX > > ;; Query time: 34 msec > ;; SERVER: 8.8.8.8#53(8.8.8.8) > ;; WHEN: Thu May 3 08:24:42 2018 > ;; MSG SIZE rcvd: 26 > > ============================================ > DNS server: 8.8.4.4 (Google DNS) > > ; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.4.4 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27285 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;mail.mil. IN MX > > ;; Query time: 76 msec > ;; SERVER: 8.8.4.4#53(8.8.4.4) > ;; WHEN: Thu May 3 08:24:42 2018 > ;; MSG SIZE rcvd: 26 > > ============================================ > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop