Hello,

I recently noticed that emails from a somewhat trustworthy organization don't have a valid DKIM signature - or rather, my email client can't verify them, because there is a timeout resolving the domainkey record.


Testing this with 'dig' confirms the problem:

dig txt eulisa._domainkey.eulisa.europa.eu
;; communications error to 172.16.0.35#53: timed out

; <<>> DiG 9.18.28 <<>> txt eulisa._domainkey.eulisa.europa.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55417
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d6eea8bdf879508b01000000675c30a8e779768fc9685289 (good)
;; QUESTION SECTION:
;eulisa._domainkey.eulisa.europa.eu. IN TXT

;; Query time: 4992 msec
;; SERVER: 172.16.0.35#53(172.16.0.35) (UDP)
;; WHEN: Fri Dec 13 14:03:36 CET 2024
;; MSG SIZE  rcvd: 91


However, resolving other TXT records for the domain works normally:

dig txt eulisa.europa.eu

; <<>> DiG 9.18.28 <<>> txt eulisa.europa.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35151
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1c40aaf791d3d85d01000000675c30c1a34364fc3a09684c (good)
;; QUESTION SECTION:
;eulisa.europa.eu.              IN      TXT

;; ANSWER SECTION:
eulisa.europa.eu.       300     IN      TXT     "MS=ms83963822"
eulisa.europa.eu.       300     IN      TXT     "v=spf1 mx ip4:195.80.109.244 
ip4:195.80.109.246 ip4:185.78.44.242 ip4:185.78.44.243 ip4:185.7.39.180 ip4:213.32.127.167 
ip4:213.32.127.168" " ip4:51.254.189.37 ip4:194.126.110.37 ip4:212.234.189.164 
a:smtp-out.fingerprint.fr include:_spf.tech.ec.europa.eu include:spf.protection.outlook.com 
-all"
eulisa.europa.eu.       300     IN      TXT     
"atlassian-domain-verification=IAbzEpJrPKAGpbastIH07G8kB/zM1meGcRNejgMYZsby1d0k7VwnPjDu6eGVLbqT"
eulisa.europa.eu.       300     IN      TXT     "MS=ms12401514"
eulisa.europa.eu.       300     IN      TXT     
"apple-domain-verification=z8I34fLchFm3RjgN"

;; Query time: 204 msec
;; SERVER: 172.16.0.35#53(172.16.0.35) (UDP)
;; WHEN: Fri Dec 13 14:04:01 CET 2024
;; MSG SIZE  rcvd: 593


I tried resolving the domainkey with Google and other DNSs and it seems to work.

As far as I could find so far, the problem manifests itself only on my location, where I have three named servers - two are version 9.18.28 while one is 9.16.37. I also have a 4th one on a different location and it's even older (9.11.4), but this one does resolve the domain key:

dig txt eulisa._domainkey.eulisa.europa.eu @dns4.elasticbox.eu

; <<>> DiG 9.18.28 <<>> txt eulisa._domainkey.eulisa.europa.eu 
@dns4.elasticbox.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9239
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 2b312991c2683e34f941a13f675c47654032168d65401367 (good)
;; QUESTION SECTION:
;eulisa._domainkey.eulisa.europa.eu. IN TXT

;; ANSWER SECTION:
eulisa._domainkey.eulisa.europa.eu. 3462 IN TXT "v=DKIM1;  
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XVPzcIhCuMinLW2oceuhuqpGRxpX3koW2cV7ZGUzCnO+G0Xw6611ZMLT+Sk6313k0zVbwsL8Fnrbt+guvdqzx3Zh23chNZ24+ExN8Fhlb7XK0F7PqEH7pdJ1GAuraBJQmNviPiV64epsYu5gbiP8Aol16AcTCw1UvAG8xD4gQL2bXg52i5ucq2pRhEd9jbz1nc6gLA"
 
"tcTwlSWVjlw6gu0+FzQ3DvhoCeMR8u6uOZx1GyWMX0YZRXEm9s8a2A1+mlD9l7+ypQWsyl1RiOI/RV5druI3mEuxPn1/pzyO7bbroZXcFOjz4B5Z9iRqtXoEZRhYIS8zScCKy+k8T8gGyWwIDAQAB;"

;; AUTHORITY SECTION:
eulisa.europa.eu.       3462    IN      NS      nssxb.eulisa.europa.eu.
eulisa.europa.eu.       3462    IN      NS      nstll.eulisa.europa.eu.

;; ADDITIONAL SECTION:
nstll.eulisa.europa.eu. 3462    IN      A       194.126.110.49
nssxb.eulisa.europa.eu. 3462    IN      A       212.234.189.180

;; Query time: 40 msec
;; SERVER: 54.229.229.105#53(dns4.elasticbox.eu) (UDP)
;; WHEN: Fri Dec 13 15:40:38 CET 2024
;; MSG SIZE  rcvd: 582


That implies that this might be a network problem, but since all servers have a public IP and no NAT, I really can't imagine why or how.

What diagnostic steps can I take to get a better idea of what's going on with these queries as far as named is concerned?


Thanks,

Danilo
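One way to narrow this down from the failing host, as an added example that is not part of Danilo's post: instead of asking the local recursive server (which only reports SERVFAIL after its own timeouts), query each authoritative server for the zone directly, the way named would, over plain UDP, UDP with EDNS/DNSSEC (the large-answer case: the DKIM record is ~450 bytes of key material), and TCP. A server that answers plain UDP and TCP but loses the EDNS/DNSSEC UDP query points at fragmentation or a middlebox on the path; one that loses TCP explains why named SERVFAILs after a truncated answer. The default name and zone are the ones from the post; the option sets, the 3-second timeout and the hypothesis text in `diagnose` are this example's own assumptions, and `dig` must be installed.

```shell
#!/bin/sh
# Added example (not from the original post): probe the authoritative servers
# for a DKIM TXT name over several transports and summarise what each result implies.

# Pull the rcode (NOERROR, SERVFAIL, ...) out of dig's HEADER line.
# Prints TIMEOUT when no answer came back at all.
dig_status() {
    status=$(printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n1)
    [ -n "$status" ] && printf '%s\n' "$status" || printf 'TIMEOUT\n'
}

# Query time in msec from the footer, or "-" if absent.
dig_qtime() {
    t=$(printf '%s\n' "$1" | sed -n 's/^;; Query time: \([0-9]*\) msec.*/\1/p' | head -n1)
    [ -n "$t" ] && printf '%s\n' "$t" || printf -- '-\n'
}

# Received message size in bytes from the footer, or "-" if absent.
dig_size() {
    s=$(printf '%s\n' "$1" | sed -n 's/^;; MSG SIZE *rcvd: \([0-9]*\).*/\1/p' | head -n1)
    [ -n "$s" ] && printf '%s\n' "$s" || printf -- '-\n'
}

# Map the three transport results to a working hypothesis (assumed wording).
# Arguments: plain-UDP status, UDP+EDNS/DNSSEC status, TCP status.
diagnose() {
    plain=$1; edns=$2; tcp=$3
    if [ "$plain" = NOERROR ] && [ "$edns" = TIMEOUT ] && [ "$tcp" = NOERROR ]; then
        echo "large EDNS/DNSSEC answers are lost over UDP: suspect fragmentation or an EDNS-hostile middlebox on this path"
    elif [ "$plain" = NOERROR ] && [ "$edns" = NOERROR ] && [ "$tcp" = TIMEOUT ]; then
        echo "UDP works but TCP/53 is blocked: named retries truncated answers over TCP and will SERVFAIL"
    elif [ "$plain" = TIMEOUT ] && [ "$tcp" = TIMEOUT ]; then
        echo "nothing reaches this server from here: routing or firewall problem toward the authoritative server"
    elif [ "$plain" = NOERROR ] && [ "$edns" = NOERROR ] && [ "$tcp" = NOERROR ]; then
        echo "all transports answer: the failure is not between this host and this server"
    else
        echo "mixed results ($plain/$edns/$tcp): compare with the named host that still resolves the record"
    fi
}

# One non-recursive query to one server; prints the rcode, logs detail to stderr.
# Arguments: server, name, dig options (unquoted on purpose so they split).
probe() {
    out=$(dig +norecurse +time=3 +tries=1 $3 txt "$2" "@$1" 2>&1) || true
    st=$(dig_status "$out")
    printf '  %-22s %-30s status=%-8s time=%sms size=%sB\n' "$1" "$3" "$st" \
        "$(dig_qtime "$out")" "$(dig_size "$out")" >&2
    printf '%s\n' "$st"
}

# Probe one authoritative server over the three transports and interpret the result.
check_server() {
    plain=$(probe "$1" "$2" "+notcp +noedns")
    edns=$(probe "$1" "$2" "+notcp +dnssec +bufsize=1232")
    tcp=$(probe "$1" "$2" "+tcp +dnssec")
    printf '%s: udp=%s udp+edns/dnssec=%s tcp=%s\n  -> %s\n' \
        "$1" "$plain" "$edns" "$tcp" "$(diagnose "$plain" "$edns" "$tcp")"
}

# Usage: sh dkim-path-check.sh <dkim-name> [zone]
# The zone defaults to everything after "<selector>._domainkey." (an assumption).
main() {
    name=${1:-eulisa._domainkey.eulisa.europa.eu}
    zone=${2:-$(printf '%s\n' "$name" | sed 's/^[^.]*\._domainkey\.//')}
    for ns in $(dig +short ns "$zone" 2>/dev/null || true); do
        check_server "$ns" "$name"
    done
}

# Only run the network probes when a name is given on the command line.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it on one of the 9.18 hosts that fails and on the 9.11 host that still resolves the record, and compare the per-transport lines; since all four named instances recurse to the same two authoritative servers listed in the working answer, a difference between the hosts is on the network path, not in the zone. Once the failing transport is known, `dig +trace` for the same name and named's own `querylog`/`resolver` logging on that host show where the recursion stalls.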





bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
