[HECnet] All gone silent

Johnny Billquist bqt at softjar.se
Tue Aug 17 06:03:52 PDT 2021 

Not sure what you expected...

GW:/home/bqt# dig @185.70.40.19 mail.protonmail.ch

; <<>> DiG 9.10.5-P1 <<>> @185.70.40.19 mail.protonmail.ch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36024
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.protonmail.ch.            IN      A

;; ANSWER SECTION:
mail.protonmail.ch.     1200    IN      A       185.70.41.101

;; AUTHORITY SECTION:
protonmail.ch.          1200    IN      NS      ns7.protonmail.ch.
protonmail.ch.          1200    IN      NS      ns2.protonmail.ch.
protonmail.ch.          1200    IN      NS      ns1.protonmail.ch.

;; ADDITIONAL SECTION:
ns1.protonmail.ch.      1200    IN      A       185.70.40.19
ns2.protonmail.ch.      1200    IN      A       185.70.41.19
ns7.protonmail.ch.      1200    IN      A       3.127.12.149

;; Query time: 53 msec
;; SERVER: 185.70.40.19#53(185.70.40.19)
;; WHEN: Tue Aug 17 15:02:03 CEST 2021
;; MSG SIZE  rcvd: 165

GW:/home/bqt#

Which exactly what I expected. As I mentioned, I already tried from that 
machine to resolve using a different name server, and it worked.

But maybe there is something else you are looking for. I'm really too 
tired to think today.

   Johnny

On 2021-08-17 14:02, Peter Lothberg wrote:
> Johnny,
> 
> Do this command on your box.
> 
>   dig @185.70.40.19 mail.protonmail.ch
> 
> Then we knew if they respond to you or not, then we knew a bit better
> where to look next.
> 
> -P
> 
> 
> ----- Original Message -----
>> From: "bqt" <bqt at softjar.se>
>> To: "hecnet" <hecnet at Update.UU.SE>
>> Sent: Tuesday, August 17, 2021 5:48:40 AM
>> Subject: Re: [HECnet] All gone silent
> 
>> Right. I have my own resolver, as I have my own domain that I serve.
>> I also observed that if I use another DNS server, I do get an answer.
>>
>> The question is why my resolver gets denied. But it might be that me
>> updating things could fix it, so I should start with that.
>>
>>    Johnny
>>
>> On 2021-08-17 03:48, Peter Lothberg wrote:
>>> Johnny,
>>>
>>> It uses your local resolver and what it does is another story,
>>> try this:
>>> root at Homer1:/home/roll# dig @185.70.40.19 mail.protonmail.ch
>>>
>>> ; <<>> DiG 9.9.5-3ubuntu0.19-Ubuntu <<>> @185.70.40.19 mail.protonmail.ch
>>> ; (1 server found)
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43785
>>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
>>> ;; WARNING: recursion requested but not available
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 4096
>>> ;; QUESTION SECTION:
>>> ;mail.protonmail.ch.		IN	A
>>>
>>> ;; ANSWER SECTION:
>>> mail.protonmail.ch.	1200	IN	A	185.70.41.101
>>>
>>> ;; AUTHORITY SECTION:
>>> protonmail.ch.		1200	IN	NS	ns2.protonmail.ch.
>>> protonmail.ch.		1200	IN	NS	ns1.protonmail.ch.
>>> protonmail.ch.		1200	IN	NS	ns7.protonmail.ch.
>>>
>>> ;; ADDITIONAL SECTION:
>>> ns1.protonmail.ch.	1200	IN	A	185.70.40.19
>>> ns2.protonmail.ch.	1200	IN	A	185.70.41.19
>>> ns7.protonmail.ch.	1200	IN	A	3.127.12.149
>>>
>>> ;; Query time: 370 msec
>>> ;; SERVER: 185.70.40.19#53(185.70.40.19)
>>> ;; WHEN: Mon Aug 16 18:46:31 PDT 2021
>>> ;; MSG SIZE  rcvd: 165
>>>
>>>
>>>
>>> ----- Original Message -----
>>>> From: "bqt" <bqt at softjar.se>
>>>> To: "hecnet" <hecnet at Update.UU.SE>
>>>> Sent: Monday, August 16, 2021 9:42:39 PM
>>>> Subject: Re: [HECnet] All gone silent
>>>
>>>> GW:/home/bqt> dig mail.protonmail.ch
>>>>
>>>> ; <<>> DiG 9.10.5-P1 <<>> mail.protonmail.ch
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48613
>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>>>>
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>> ;; QUESTION SECTION:
>>>> ;mail.protonmail.ch.            IN      A
>>>>
>>>> ;; Query time: 871 msec
>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>>> ;; WHEN: Tue Aug 17 03:41:27 CEST 2021
>>>> ;; MSG SIZE  rcvd: 47
>>>>
>>>>
>>>> Too late in the evening for me to even try figure out what I am seeing.
>>>> But maybe you can spot it...
>>>>
>>>>     Johnny
>>>>
>>>> On 2021-08-17 03:40, Peter Lothberg wrote:
>>>>> (If "DIG" was used to produce output's this would be easier to debug...)
>>>>>
>>>>> Here i my 5-cents,
>>>>>
>>>>> DNS servers/DNS revolvers do nowadays not respond if the indirect bit is set
>>>>> in a query. This might be the thing we are seeing?
>>>>>
>>>>> -P
>>>>>
>>>>>
>>>>> ----- Original Message -----
>>>>>> From: "bqt" <bqt at softjar.se>
>>>>>> To: "hecnet" <hecnet at Update.UU.SE>
>>>>>> Sent: Monday, August 16, 2021 9:34:20 PM
>>>>>> Subject: Re: [HECnet] All gone silent
>>>>>
>>>>>> On 2021-08-17 03:04, Paul Koning wrote:
>>>>>>>
>>>>>>>
>>>>>>>> On Aug 16, 2021, at 6:36 PM, Mark <mwjr at protonmail.com> wrote:
>>>>>>>>
>>>>>>>> Mystery solved (or at least the mystery of no response) - I used to have some
>>>>>>>> issues when I ran authoratitive DNS and mail directly from our school's IP
>>>>>>>> addresses rather than an 'established' (big tech co) source
>>>>>>>
>>>>>>> Why would that explain the failure to answer DNS queries?  DNS servers are
>>>>>>> supposed to answer queries from everyone.  I've never heard of failing to do
>>>>>>> so.  FWIW, I just tried asking ns1.protonmail.ch about mail.protonmail.ch, and
>>>>>>> it was happy to answer me (to my random Comcast client addresses, IPv4 and IPv6
>>>>>>> both work).
>>>>>>
>>>>>> I think the comment should be read as "that explains the failure of the
>>>>>> mail being delivered".
>>>>>>
>>>>>> Why the DNS queries are blocked from my mail server remains a mystery,
>>>>>> but it is a fact that they are.
>>>>>>
>>>>>> I could/should update that machine, in case there is something in my
>>>>>> whole setup that is a reason, but right now I can't really understand
>>>>>> what that would be...
>>>>>>
>>>>>> If I explicitly give the IP address of ns1.protonmail.ch as the name
>>>>>> server, I do get a response. Not sure if it might in the end be some
>>>>>> other name server that is refusing me, and I don't really feel like
>>>>>> trying to figure out where things are going wrong right now.
>>>>>> But maybe updating my system will help. We'll see. Something I'll try in
>>>>>> the next day or two.
>>>>>>
>>>>>>      Johnny
>>>>>>
>>>>>> --
>>>>>> Johnny Billquist                  || "I'm on a bus
>>>>>>                                      ||  on a psychedelic trip
>>>>>> email: bqt at softjar.se             ||  Reading murder books
>>>>>> pdp is alive!                     ||  tryin' to stay hip" - B. Idol
>>>>
>>>> --
>>>> Johnny Billquist                  || "I'm on a bus
>>>>                                     ||  on a psychedelic trip
>>>> email: bqt at softjar.se             ||  Reading murder books
>>>> pdp is alive!                     ||  tryin' to stay hip" - B. Idol
>>
>> --
>> Johnny Billquist                  || "I'm on a bus
>>                                    ||  on a psychedelic trip
>> email: bqt at softjar.se             ||  Reading murder books
>> pdp is alive!                     ||  tryin' to stay hip" - B. Idol

-- 
Johnny Billquist                  || "I'm on a bus
                                   ||  on a psychedelic trip
email: bqt at softjar.se             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol

More information about the Hecnet-list mailing list