[HECnet] All gone silent

Johnny Billquist bqt at softjar.se
Tue Aug 17 02:48:40 PDT 2021 

Right. I have my own resolver, as I have my own domain that I serve.
I also observed that if I use another DNS server, I do get an answer.

The question is why my resolver gets denied. But it might be that me 
updating things could fix it, so I should start with that.

   Johnny

On 2021-08-17 03:48, Peter Lothberg wrote:
> Johnny,
> 
> It uses your local resolver and what it does is another story,
> try this:
> root at Homer1:/home/roll# dig @185.70.40.19 mail.protonmail.ch
> 
> ; <<>> DiG 9.9.5-3ubuntu0.19-Ubuntu <<>> @185.70.40.19 mail.protonmail.ch
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43785
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
> ;; WARNING: recursion requested but not available
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;mail.protonmail.ch.		IN	A
> 
> ;; ANSWER SECTION:
> mail.protonmail.ch.	1200	IN	A	185.70.41.101
> 
> ;; AUTHORITY SECTION:
> protonmail.ch.		1200	IN	NS	ns2.protonmail.ch.
> protonmail.ch.		1200	IN	NS	ns1.protonmail.ch.
> protonmail.ch.		1200	IN	NS	ns7.protonmail.ch.
> 
> ;; ADDITIONAL SECTION:
> ns1.protonmail.ch.	1200	IN	A	185.70.40.19
> ns2.protonmail.ch.	1200	IN	A	185.70.41.19
> ns7.protonmail.ch.	1200	IN	A	3.127.12.149
> 
> ;; Query time: 370 msec
> ;; SERVER: 185.70.40.19#53(185.70.40.19)
> ;; WHEN: Mon Aug 16 18:46:31 PDT 2021
> ;; MSG SIZE  rcvd: 165
> 
> 
> 
> ----- Original Message -----
>> From: "bqt" <bqt at softjar.se>
>> To: "hecnet" <hecnet at Update.UU.SE>
>> Sent: Monday, August 16, 2021 9:42:39 PM
>> Subject: Re: [HECnet] All gone silent
> 
>> GW:/home/bqt> dig mail.protonmail.ch
>>
>> ; <<>> DiG 9.10.5-P1 <<>> mail.protonmail.ch
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48613
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;mail.protonmail.ch.            IN      A
>>
>> ;; Query time: 871 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Tue Aug 17 03:41:27 CEST 2021
>> ;; MSG SIZE  rcvd: 47
>>
>>
>> Too late in the evening for me to even try figure out what I am seeing.
>> But maybe you can spot it...
>>
>>    Johnny
>>
>> On 2021-08-17 03:40, Peter Lothberg wrote:
>>> (If "DIG" was used to produce output's this would be easier to debug...)
>>>
>>> Here i my 5-cents,
>>>
>>> DNS servers/DNS revolvers do nowadays not respond if the indirect bit is set
>>> in a query. This might be the thing we are seeing?
>>>
>>> -P
>>>
>>>
>>> ----- Original Message -----
>>>> From: "bqt" <bqt at softjar.se>
>>>> To: "hecnet" <hecnet at Update.UU.SE>
>>>> Sent: Monday, August 16, 2021 9:34:20 PM
>>>> Subject: Re: [HECnet] All gone silent
>>>
>>>> On 2021-08-17 03:04, Paul Koning wrote:
>>>>>
>>>>>
>>>>>> On Aug 16, 2021, at 6:36 PM, Mark <mwjr at protonmail.com> wrote:
>>>>>>
>>>>>> Mystery solved (or at least the mystery of no response) - I used to have some
>>>>>> issues when I ran authoratitive DNS and mail directly from our school's IP
>>>>>> addresses rather than an 'established' (big tech co) source
>>>>>
>>>>> Why would that explain the failure to answer DNS queries?  DNS servers are
>>>>> supposed to answer queries from everyone.  I've never heard of failing to do
>>>>> so.  FWIW, I just tried asking ns1.protonmail.ch about mail.protonmail.ch, and
>>>>> it was happy to answer me (to my random Comcast client addresses, IPv4 and IPv6
>>>>> both work).
>>>>
>>>> I think the comment should be read as "that explains the failure of the
>>>> mail being delivered".
>>>>
>>>> Why the DNS queries are blocked from my mail server remains a mystery,
>>>> but it is a fact that they are.
>>>>
>>>> I could/should update that machine, in case there is something in my
>>>> whole setup that is a reason, but right now I can't really understand
>>>> what that would be...
>>>>
>>>> If I explicitly give the IP address of ns1.protonmail.ch as the name
>>>> server, I do get a response. Not sure if it might in the end be some
>>>> other name server that is refusing me, and I don't really feel like
>>>> trying to figure out where things are going wrong right now.
>>>> But maybe updating my system will help. We'll see. Something I'll try in
>>>> the next day or two.
>>>>
>>>>     Johnny
>>>>
>>>> --
>>>> Johnny Billquist                  || "I'm on a bus
>>>>                                     ||  on a psychedelic trip
>>>> email: bqt at softjar.se             ||  Reading murder books
>>>> pdp is alive!                     ||  tryin' to stay hip" - B. Idol
>>
>> --
>> Johnny Billquist                  || "I'm on a bus
>>                                    ||  on a psychedelic trip
>> email: bqt at softjar.se             ||  Reading murder books
>> pdp is alive!                     ||  tryin' to stay hip" - B. Idol

-- 
Johnny Billquist                  || "I'm on a bus
                                   ||  on a psychedelic trip
email: bqt at softjar.se             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol

More information about the Hecnet-list mailing list