This doesn’t look so good, though: http://dnsviz.net/d/mail.mil/dnssec/
Frank From: mailop <mailop-boun...@mailop.org> On Behalf Of Vick Khera Sent: Thursday, May 03, 2018 9:00 AM To: mailop@mailop.org Subject: Re: [mailop] No MX records for mail.mil My own office resolver running unbound has DNSSEC enabled with strict checking, and the response I get shows it is authenticated data: the "ad" flag is on. Based on that, DNSSEC is working for them as far as my understanding goes. My first guess was also it would be a DNSSEC issue. ; <<>> DiG 9.10.6 <<>> mail.mil <http://mail.mil> mx ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25907 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;mail.mil <http://mail.mil> . IN MX ;; ANSWER SECTION: mail.mil <http://mail.mil> . 797 IN MX 10 pri-jeemsg.eemsg.mail.mil <http://pri-jeemsg.eemsg.mail.mil> . mail.mil <http://mail.mil> . 797 IN MX 20 sec-jeemsg.eemsg.mail.mil <http://sec-jeemsg.eemsg.mail.mil> . ;; Query time: 0 msec ;; SERVER: 192.168.135.1#53(192.168.135.1) ;; WHEN: Thu May 03 09:51:57 EDT 2018 ;; MSG SIZE rcvd: 97 On Thu, May 3, 2018 at 9:32 AM, <frnk...@iname.com <mailto:frnk...@iname.com> > wrote: Looks to be a DNSsec issue ... please correct me if I have that wrong. Frank -----Original Message----- From: Frank Bulk (frnk...@iname.com <mailto:frnk...@iname.com> ) <frnk...@iname.com <mailto:frnk...@iname.com> > Sent: Thursday, May 3, 2018 8:28 AM To: 'mailop@mailop.org <mailto:mailop@mailop.org> ' (mailop@mailop.org <mailto:mailop@mailop.org> ) <mailop@mailop.org <mailto:mailop@mailop.org> > Subject: No MX records for mail.mil <http://mail.mil> I haven't investigated this thoroughly, but it seems like mail.mil <http://mail.mil> is not returning MX records from certain DNS resolvers. Frank ============================================ DNS server: 1.1.1.1 (Cloudflare DNS) ; <<>> DiG 9.7.3 <<>> MX mail.mil <http://mail.mil> @1.1.1.1 <http://1.1.1.1> ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49376 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil <http://mail.mil> . IN MX ;; Query time: 67 msec ;; SERVER: 1.1.1.1#53(1.1.1.1) ;; WHEN: Thu May 3 08:24:43 2018 ;; MSG SIZE rcvd: 26 ============================================ DNS server: 1.0.0.1 (Cloudflare DNS) ; <<>> DiG 9.7.3 <<>> MX mail.mil <http://mail.mil> @1.0.0.1 <http://1.0.0.1> ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39108 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil <http://mail.mil> . IN MX ;; Query time: 4171 msec ;; SERVER: 1.0.0.1#53(1.0.0.1) ;; WHEN: Thu May 3 08:24:47 2018 ;; MSG SIZE rcvd: 26 ============================================ DNS server: 8.8.8.8 (Google DNS) ; <<>> DiG 9.7.3 <<>> MX mail.mil <http://mail.mil> @8.8.8.8 <http://8.8.8.8> ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29691 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil <http://mail.mil> . IN MX ;; Query time: 34 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Thu May 3 08:24:42 2018 ;; MSG SIZE rcvd: 26 ============================================ DNS server: 8.8.4.4 (Google DNS) ; <<>> DiG 9.7.3 <<>> MX mail.mil <http://mail.mil> @8.8.4.4 <http://8.8.4.4> ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27285 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil <http://mail.mil> . IN MX ;; Query time: 76 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Thu May 3 08:24:42 2018 ;; MSG SIZE rcvd: 26 ============================================ _______________________________________________ mailop mailing list mailop@mailop.org <mailto:mailop@mailop.org> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop