[HECnet] All gone silent

Johnny, Do this command on your box. dig @185.70.40.19 mail.protonmail.ch Then we knew if they respond to you or not, then we knew a bit better where to look next. -P ----- Original Message ----- > Right. I have my own resolver, as I have my own domain that I serve. > I also observed that if I use another DNS server, I do get an answer. > > The question is why my resolver gets denied. But it might be that me > updating things could fix it, so I should start with that. > > Johnny > > On 2021-08-17 03:48, Peter Lothberg wrote: >> Johnny, >> >> It uses your local resolver and what it does is another story, >> try this: >> root at Homer1:/home/roll# dig @185.70.40.19 mail.protonmail.ch >> >> ; <<>> DiG 9.9.5-3ubuntu0.19-Ubuntu <<>> @185.70.40.19 mail.protonmail.ch >> ; (1 server found) >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43785 >> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4 >> ;; WARNING: recursion requested but not available >> >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags:; udp: 4096 >> ;; QUESTION SECTION: >> ;mail.protonmail.ch. IN A >> >> ;; ANSWER SECTION: >> mail.protonmail.ch. 1200 IN A 185.70.41.101 >> >> ;; AUTHORITY SECTION: >> protonmail.ch. 1200 IN NS ns2.protonmail.ch. >> protonmail.ch. 1200 IN NS ns1.protonmail.ch. >> protonmail.ch. 1200 IN NS ns7.protonmail.ch. >> >> ;; ADDITIONAL SECTION: >> ns1.protonmail.ch. 1200 IN A 185.70.40.19 >> ns2.protonmail.ch. 1200 IN A 185.70.41.19 >> ns7.protonmail.ch. 1200 IN A 3.127.12.149 >> >> ;; Query time: 370 msec >> ;; SERVER: 185.70.40.19#53(185.70.40.19) >> ;; WHEN: Mon Aug 16 18:46:31 PDT 2021 >> ;; MSG SIZE rcvd: 165 >> >> >> >> ----- Original Message ----- >>> From: "bqt" <bqt at softjar.se> >>> To: "hecnet" <hecnet at Update.UU.SE> >>> Sent: Monday, August 16, 2021 9:42:39 PM >>> Subject: Re: [HECnet] All gone silent >> >>> GW:/home/bqt> dig mail.protonmail.ch >>> >>> ; <<>> DiG 9.10.5-P1 <<>> mail.protonmail.ch >>> ;; global options: +cmd >>> ;; Got answer: >>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48613 >>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 >>> >>> ;; OPT PSEUDOSECTION: >>> ; EDNS: version: 0, flags:; udp: 4096 >>> ;; QUESTION SECTION: >>> ;mail.protonmail.ch. IN A >>> >>> ;; Query time: 871 msec >>> ;; SERVER: 127.0.0.1#53(127.0.0.1) >>> ;; WHEN: Tue Aug 17 03:41:27 CEST 2021 >>> ;; MSG SIZE rcvd: 47 >>> >>> >>> Too late in the evening for me to even try figure out what I am seeing. >>> But maybe you can spot it... >>> >>> Johnny >>> >>> On 2021-08-17 03:40, Peter Lothberg wrote: >>>> (If "DIG" was used to produce output's this would be easier to debug...) >>>> >>>> Here i my 5-cents, >>>> >>>> DNS servers/DNS revolvers do nowadays not respond if the indirect bit is set >>>> in a query. This might be the thing we are seeing? >>>> >>>> -P >>>> >>>> >>>> ----- Original Message ----- >>>>> From: "bqt" <bqt at softjar.se> >>>>> To: "hecnet" <hecnet at Update.UU.SE> >>>>> Sent: Monday, August 16, 2021 9:34:20 PM >>>>> Subject: Re: [HECnet] All gone silent >>>> >>>>> On 2021-08-17 03:04, Paul Koning wrote: >>>>>> >>>>>> >>>>>>> On Aug 16, 2021, at 6:36 PM, Mark <mwjr at protonmail.com> wrote: >>>>>>> >>>>>>> Mystery solved (or at least the mystery of no response) - I used to have some >>>>>>> issues when I ran authoratitive DNS and mail directly from our school's IP >>>>>>> addresses rather than an 'established' (big tech co) source >>>>>> >>>>>> Why would that explain the failure to answer DNS queries? DNS servers are >>>>>> supposed to answer queries from everyone. I've never heard of failing to do >>>>>> so. FWIW, I just tried asking ns1.protonmail.ch about mail.protonmail.ch, and >>>>>> it was happy to answer me (to my random Comcast client addresses, IPv4 and IPv6 >>>>>> both work). >>>>> >>>>> I think the comment should be read as "that explains the failure of the >>>>> mail being delivered". >>>>> >>>>> Why the DNS queries are blocked from my mail server remains a mystery, >>>>> but it is a fact that they are. >>>>> >>>>> I could/should update that machine, in case there is something in my >>>>> whole setup that is a reason, but right now I can't really understand >>>>> what that would be... >>>>> >>>>> If I explicitly give the IP address of ns1.protonmail.ch as the name >>>>> server, I do get a response. Not sure if it might in the end be some >>>>> other name server that is refusing me, and I don't really feel like >>>>> trying to figure out where things are going wrong right now. >>>>> But maybe updating my system will help. We'll see. Something I'll try in >>>>> the next day or two. >>>>> >>>>> Johnny >>>>> >>>>> -- >>>>> Johnny Billquist || "I'm on a bus >>>>> || on a psychedelic trip >>>>> email: bqt at softjar.se || Reading murder books >>>>> pdp is alive! || tryin' to stay hip" - B. Idol >>> >>> -- >>> Johnny Billquist || "I'm on a bus >>> || on a psychedelic trip >>> email: bqt at softjar.se || Reading murder books >>> pdp is alive! || tryin' to stay hip" - B. Idol > > -- > Johnny Billquist || "I'm on a bus > || on a psychedelic trip > email: bqt at softjar.se || Reading murder books > pdp is alive! || tryin' to stay hip" - B. Idol