Robert Elz <[email protected]> wrote: > | This is really strange. I have never seen something like this (except > | when the DNS is broken).
> It isn't, I can get addresses for the MX records when the query
> originates elsewhere - they just don't reply when it is my MTA
> asking.
:-(
Is your MTA a stub resolver, or does it have a full recursive?
I assume ICMP works to the authoritative resolver involved?
> | Do you have any logs that demonstrate this?
> That would be kind of meaningless, as all that happens is that
> nothing happens - there's no difference in behaviour from what
> would happen if the remote DNS server(s) were down/unreachable,
> except that queries from other sources work (but my MTA is unaware
> of that).
Well,
1. dig +trace would not be useless.
2. a tcpdump of the queries going out, and just some being missed might help.
3. is there any NAT44 involved? Or a firewall? Maybe one you don't know about.
4. UDP, TCP matters. Some morons turn off queries over TCP.
Given that this is MS, and they broke their email system so that it can't
get email from the mailop@ ML, which is where usually people report
problems ... I'll bet they read some 1997-era checklist and turned off TCP.
> | Do you have DNSSEC validating resolver enabled or something like this?
> Nothing special, not that it matters - all the queries to which
> reply packets are received (like looking up the MX in the first
> place) work just fine - for the ones that fail, there is simply
> no answer, nothing to validate.
> And once again, this has nothing whatever to do with nmh.
> That is, this does not belong on this list.
:-)
Can you /etc/resolv.conf and/or named.conf + forwarders to punt your queries
at another server? 2001:4860:4860::8844 or 2606:4700:4700::1111 if you have
to.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
