Re: [mailop] No MX records for mail.mil
On Thu, 2018-05-03 at 09:33 -0500, Frank Bulk wrote:
> This doesn’t look so good, though:
> http://dnsviz.net/d/mail.mil/dnssec/

but this did:

http://dnsviz.net/d/mail.mil/WsaG2w/dnssec/

and before that there was:

http://dnsviz.net/d/mail.mil/WusxjQ/dnssec/

This flip-flop behaviour on mail.mil has been going on for more than a year. I'm going to guess that the responsible contractor doesn't know what they're doing. :-)

-Jim P.
Re: [mailop] No MX records for mail.mil
On Thu, May 3, 2018 at 10:33 AM, Frank Bulk wrote:
> This doesn’t look so good, though:
>
> http://dnsviz.net/d/mail.mil/dnssec/

Yes, that looks bad :( I have to learn more how to query/interpret my dns server's DNSSEC output, or make it more strict.
Re: [mailop] No MX records for mail.mil
This doesn’t look so good, though:

http://dnsviz.net/d/mail.mil/dnssec/

Frank

From: mailop <mailop-boun...@mailop.org> On Behalf Of Vick Khera
Sent: Thursday, May 03, 2018 9:00 AM
To: mailop@mailop.org
Subject: Re: [mailop] No MX records for mail.mil

My own office resolver running unbound has DNSSEC enabled with strict checking, and the response I get shows it is authenticated data: the "ad" flag is on. Based on that, DNSSEC is working for them as far as my understanding goes. My first guess was also it would be a DNSSEC issue.

; <<>> DiG 9.10.6 <<>> mail.mil mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25907
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.mil.                      IN      MX

;; ANSWER SECTION:
mail.mil.               797     IN      MX      10 pri-jeemsg.eemsg.mail.mil.
mail.mil.               797     IN      MX      20 sec-jeemsg.eemsg.mail.mil.

;; Query time: 0 msec
;; SERVER: 192.168.135.1#53(192.168.135.1)
;; WHEN: Thu May 03 09:51:57 EDT 2018
;; MSG SIZE rcvd: 97

On Thu, May 3, 2018 at 9:32 AM, <frnk...@iname.com> wrote:

Looks to be a DNSsec issue ... please correct me if I have that wrong.

Frank

-----Original Message-----
From: Frank Bulk (frnk...@iname.com) <frnk...@iname.com>
Sent: Thursday, May 3, 2018 8:28 AM
To: 'mailop@mailop.org' (mailop@mailop.org) <mailop@mailop.org>
Subject: No MX records for mail.mil

I haven't investigated this thoroughly, but it seems like mail.mil is not returning MX records from certain DNS resolvers.

Frank

DNS server: 1.1.1.1 (Cloudflare DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49376
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.                      IN      MX

;; Query time: 67 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu May 3 08:24:43 2018
;; MSG SIZE rcvd: 26

DNS server: 1.0.0.1 (Cloudflare DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39108
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.                      IN      MX

;; Query time: 4171 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Thu May 3 08:24:47 2018
;; MSG SIZE rcvd: 26

DNS server: 8.8.8.8 (Google DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29691
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.                      IN      MX

;; Query time: 34 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu May 3 08:24:42 2018
;; MSG SIZE rcvd: 26

DNS server: 8.8.4.4 (Google DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.4.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27285
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.                      IN      MX

;; Query time: 76 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Thu May 3 08:24:42 2018
;; MSG SIZE rcvd: 26
Re: [mailop] No MX records for mail.mil
My own office resolver running unbound has DNSSEC enabled with strict checking, and the response I get shows it is authenticated data: the "ad" flag is on. Based on that, DNSSEC is working for them as far as my understanding goes. My first guess was also it would be a DNSSEC issue.

; <<>> DiG 9.10.6 <<>> mail.mil mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25907
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.mil.                      IN      MX

;; ANSWER SECTION:
mail.mil.               797     IN      MX      10 pri-jeemsg.eemsg.mail.mil.
mail.mil.               797     IN      MX      20 sec-jeemsg.eemsg.mail.mil.

;; Query time: 0 msec
;; SERVER: 192.168.135.1#53(192.168.135.1)
;; WHEN: Thu May 03 09:51:57 EDT 2018
;; MSG SIZE rcvd: 97

On Thu, May 3, 2018 at 9:32 AM, <frnk...@iname.com> wrote:

> Looks to be a DNSsec issue ... please correct me if I have that wrong.
>
> Frank
>
> -----Original Message-----
> From: Frank Bulk (frnk...@iname.com)
> Sent: Thursday, May 3, 2018 8:28 AM
> To: 'mailop@mailop.org' (mailop@mailop.org)
> Subject: No MX records for mail.mil
>
> I haven't investigated this thoroughly, but it seems like mail.mil is not
> returning MX records from certain DNS resolvers.
>
> Frank
>
> DNS server: 1.1.1.1 (Cloudflare DNS)
>
> ; <<>> DiG 9.7.3 <<>> MX mail.mil @1.1.1.1
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49376
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;mail.mil.                      IN      MX
>
> ;; Query time: 67 msec
> ;; SERVER: 1.1.1.1#53(1.1.1.1)
> ;; WHEN: Thu May 3 08:24:43 2018
> ;; MSG SIZE rcvd: 26
>
> DNS server: 1.0.0.1 (Cloudflare DNS)
>
> ; <<>> DiG 9.7.3 <<>> MX mail.mil @1.0.0.1
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39108
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;mail.mil.                      IN      MX
>
> ;; Query time: 4171 msec
> ;; SERVER: 1.0.0.1#53(1.0.0.1)
> ;; WHEN: Thu May 3 08:24:47 2018
> ;; MSG SIZE rcvd: 26
>
> DNS server: 8.8.8.8 (Google DNS)
>
> ; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.8.8
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29691
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;mail.mil.                      IN      MX
>
> ;; Query time: 34 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Thu May 3 08:24:42 2018
> ;; MSG SIZE rcvd: 26
>
> DNS server: 8.8.4.4 (Google DNS)
>
> ; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.4.4
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27285
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;mail.mil.                      IN      MX
>
> ;; Query time: 76 msec
> ;; SERVER: 8.8.4.4#53(8.8.4.4)
> ;; WHEN: Thu May 3 08:24:42 2018
> ;; MSG SIZE rcvd: 26
Re: [mailop] No MX records for mail.mil
Looks to be a DNSsec issue ... please correct me if I have that wrong.

Frank

-----Original Message-----
From: Frank Bulk (frnk...@iname.com)
Sent: Thursday, May 3, 2018 8:28 AM
To: 'mailop@mailop.org' (mailop@mailop.org)
Subject: No MX records for mail.mil

I haven't investigated this thoroughly, but it seems like mail.mil is not returning MX records from certain DNS resolvers.

Frank

DNS server: 1.1.1.1 (Cloudflare DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49376
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.                      IN      MX

;; Query time: 67 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu May 3 08:24:43 2018
;; MSG SIZE rcvd: 26

DNS server: 1.0.0.1 (Cloudflare DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39108
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.                      IN      MX

;; Query time: 4171 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Thu May 3 08:24:47 2018
;; MSG SIZE rcvd: 26

DNS server: 8.8.8.8 (Google DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29691
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.                      IN      MX

;; Query time: 34 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu May 3 08:24:42 2018
;; MSG SIZE rcvd: 26

DNS server: 8.8.4.4 (Google DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.4.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27285
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.                      IN      MX

;; Query time: 76 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Thu May 3 08:24:42 2018
;; MSG SIZE rcvd: 26
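
Added example, not part of any message in this thread: a Python helper that reads dig response headers like the ones posted above and separates a DNSSEC validation failure from other SERVFAIL causes by comparing against the same query re-sent with dig +cd (checking disabled). The two header samples are copied from the thread; the +cd response and its id, and the function and label names, are constructed for illustration and do not show what these resolvers actually returned.

```python
import re

# Header lines copied from the dig output posted in the thread.
SERVFAIL_8888 = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29691
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""
UNBOUND_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25907
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
"""
# Constructed sample: what a "dig +cd" retry could look like if the records
# exist but validation is what fails. Not taken from the thread.
CD_RETRY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
"""

def parse_dig(text):
    """Return (rcode, header flag set, answer count) from dig's text output."""
    status = re.search(r"status:\s*(\w+)", text)
    # ";; flags:" matches the message header only, not the "; EDNS: ... flags:;" line.
    flags = re.search(r";; flags:\s*([a-z ]*);", text)
    answers = re.search(r"ANSWER:\s*(\d+)", text)
    if not (status and flags and answers):
        raise ValueError("no dig response header found")
    return status.group(1), set(flags.group(1).split()), int(answers.group(1))

def classify(normal, checking_disabled=None):
    """Classify one resolver's reply; checking_disabled is the +cd retry, if made."""
    rcode, flags, _ = parse_dig(normal)
    if rcode == "NOERROR":
        # "ad" set: the resolver validated the answer. Absent: unsigned zone
        # or a resolver that does not validate.
        return "validated" if "ad" in flags else "answered-not-authenticated"
    if rcode != "SERVFAIL":
        return rcode.lower()
    if checking_disabled is None:
        return "servfail-unknown-cause"
    cd_rcode, _, cd_answers = parse_dig(checking_disabled)
    # Data comes back once validation is skipped: the zone's signatures are the problem.
    if cd_rcode == "NOERROR" and cd_answers > 0:
        return "dnssec-validation-failure"
    return "servfail-not-dnssec"

if __name__ == "__main__":
    print(classify(UNBOUND_OK))
    print(classify(SERVFAIL_8888))
    print(classify(SERVFAIL_8888, CD_RETRY))
```

The ad flag is only as trustworthy as the path to the resolver that set it, so it carries weight from a local validating resolver such as the unbound instance described above.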