Re: [mailop] Did/Is mail.mil have/having DNS issues affecting ability get MX records?
Someone fixed up the DNSsec issue -- emails have now all delivered. =) Frank -Original Message- From: Frank Bulk [mailto:frnk...@iname.com] Sent: Tuesday, October 17, 2017 8:28 PM To: 'mailop@mailop.org' (mailop@mailop.org) Subject: RE: Did/Is mail.mil have/having DNS issues affecting ability get MX records? Turns out that the issue is DNSsec related: http://dnsviz.net/d/mail.mil/dnssec/ http://dnssec-debugger.verisignlabs.com/mail.mil https://www.zonemaster.fr/test/e4c27dd3502eedaf http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=mail.mil Frank -Original Message- From: Frank Bulk [mailto:frnk...@iname.com] Sent: Tuesday, October 17, 2017 5:25 PM To: 'mailop@mailop.org' (mailop@mailop.org) Subject: Did/Is mail.mil have/having DNS issues affecting ability get MX records? Our monitoring system alerted us to some emails delivery issues to mail.mil, and checking my local and some common resolvers, most are coming back with a SERVFAIL. Looking at our email server logs, first example was at 5:58 U.S. Central. Google DNS is showing SERVFAIL while OpenDNS provides a response. Frank DNS server: 8.8.8.8 ; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26706 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil. IN MX ;; Query time: 57 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Oct 17 17:21:25 2017 ;; MSG SIZE rcvd: 26 DNS server: 8.8.4.4 ; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.4.4 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27422 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil. IN MX ;; Query time: 60 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Tue Oct 17 17:21:25 2017 ;; MSG SIZE rcvd: 26 DNS server: 208.67.222.222 ; <<>> DiG 9.7.3 <<>> MX mail.mil @208.67.222.222 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53113 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil. IN MX ;; ANSWER SECTION: mail.mil. 2637IN MX 10 pri-jeemsg.eemsg.mail.mil. mail.mil. 2637IN MX 20 sec-jeemsg.eemsg.mail.mil. ;; Query time: 33 msec ;; SERVER: 208.67.222.222#53(208.67.222.222) ;; WHEN: Tue Oct 17 17:21:25 2017 ;; MSG SIZE rcvd: 86 DNS server: 208.67.220.220 ; <<>> DiG 9.7.3 <<>> MX mail.mil @208.67.220.220 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45243 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil. IN MX ;; ANSWER SECTION: mail.mil. 3064IN MX 20 sec-jeemsg.eemsg.mail.mil. mail.mil. 3064IN MX 10 pri-jeemsg.eemsg.mail.mil. ;; Query time: 33 msec ;; SERVER: 208.67.220.220#53(208.67.220.220) ;; WHEN: Tue Oct 17 17:21:25 2017 ;; MSG SIZE rcvd: 86 root@nagios:/tmp# ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Did/Is mail.mil have/having DNS issues affecting ability get MX records?
Turns out that the issue is DNSsec related: http://dnsviz.net/d/mail.mil/dnssec/ http://dnssec-debugger.verisignlabs.com/mail.mil https://www.zonemaster.fr/test/e4c27dd3502eedaf http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=mail.mil Frank -Original Message- From: Frank Bulk [mailto:frnk...@iname.com] Sent: Tuesday, October 17, 2017 5:25 PM To: 'mailop@mailop.org' (mailop@mailop.org) Subject: Did/Is mail.mil have/having DNS issues affecting ability get MX records? Our monitoring system alerted us to some emails delivery issues to mail.mil, and checking my local and some common resolvers, most are coming back with a SERVFAIL. Looking at our email server logs, first example was at 5:58 U.S. Central. Google DNS is showing SERVFAIL while OpenDNS provides a response. Frank DNS server: 8.8.8.8 ; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26706 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil. IN MX ;; Query time: 57 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Oct 17 17:21:25 2017 ;; MSG SIZE rcvd: 26 DNS server: 8.8.4.4 ; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.4.4 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27422 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil. IN MX ;; Query time: 60 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Tue Oct 17 17:21:25 2017 ;; MSG SIZE rcvd: 26 DNS server: 208.67.222.222 ; <<>> DiG 9.7.3 <<>> MX mail.mil @208.67.222.222 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53113 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil. IN MX ;; ANSWER SECTION: mail.mil. 2637IN MX 10 pri-jeemsg.eemsg.mail.mil. mail.mil. 2637IN MX 20 sec-jeemsg.eemsg.mail.mil. ;; Query time: 33 msec ;; SERVER: 208.67.222.222#53(208.67.222.222) ;; WHEN: Tue Oct 17 17:21:25 2017 ;; MSG SIZE rcvd: 86 DNS server: 208.67.220.220 ; <<>> DiG 9.7.3 <<>> MX mail.mil @208.67.220.220 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45243 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil. IN MX ;; ANSWER SECTION: mail.mil. 3064IN MX 20 sec-jeemsg.eemsg.mail.mil. mail.mil. 3064IN MX 10 pri-jeemsg.eemsg.mail.mil. ;; Query time: 33 msec ;; SERVER: 208.67.220.220#53(208.67.220.220) ;; WHEN: Tue Oct 17 17:21:25 2017 ;; MSG SIZE rcvd: 86 root@nagios:/tmp# ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] Did/Is mail.mil have/having DNS issues affecting ability get MX records?
Our monitoring system alerted us to some emails delivery issues to mail.mil, and checking my local and some common resolvers, most are coming back with a SERVFAIL. Looking at our email server logs, first example was at 5:58 U.S. Central. Google DNS is showing SERVFAIL while OpenDNS provides a response. Frank DNS server: 8.8.8.8 ; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26706 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil. IN MX ;; Query time: 57 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Oct 17 17:21:25 2017 ;; MSG SIZE rcvd: 26 DNS server: 8.8.4.4 ; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.4.4 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27422 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil. IN MX ;; Query time: 60 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Tue Oct 17 17:21:25 2017 ;; MSG SIZE rcvd: 26 DNS server: 208.67.222.222 ; <<>> DiG 9.7.3 <<>> MX mail.mil @208.67.222.222 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53113 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil. IN MX ;; ANSWER SECTION: mail.mil. 2637IN MX 10 pri-jeemsg.eemsg.mail.mil. mail.mil. 2637IN MX 20 sec-jeemsg.eemsg.mail.mil. ;; Query time: 33 msec ;; SERVER: 208.67.222.222#53(208.67.222.222) ;; WHEN: Tue Oct 17 17:21:25 2017 ;; MSG SIZE rcvd: 86 DNS server: 208.67.220.220 ; <<>> DiG 9.7.3 <<>> MX mail.mil @208.67.220.220 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45243 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mail.mil. IN MX ;; ANSWER SECTION: mail.mil. 3064IN MX 20 sec-jeemsg.eemsg.mail.mil. mail.mil. 3064IN MX 10 pri-jeemsg.eemsg.mail.mil. ;; Query time: 33 msec ;; SERVER: 208.67.220.220#53(208.67.220.220) ;; WHEN: Tue Oct 17 17:21:25 2017 ;; MSG SIZE rcvd: 86 root@nagios:/tmp# ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop