On 9/19/24 11:47, Viktor Dukhovni via mailop wrote:
On Thu, Sep 19, 2024 at 11:29:23AM -0700, Seth Mattinen via mailop wrote:
Looking for someone who handles mail in duke.edu for a sub-delegation. I am
having problems with mail delays on @dm.duke.edu due to DNS lookup failures
causing domain does not exist errors.
The are of course (soft-fail) deferred, because the DNS lookup failures
are not definitive, SERVFAIL is not NXDOMAIN.
2024-09-18T10:22:33.457792-07:00 mail postfix/smtpd[4184837]: NOQUEUE:
reject: RCPT from unknown[2600:1806:511:210:1eaf::11]: 450 4.1.8
<duhs_ehr-form-requ...@dm.duke.edu>: Sender address rejected: Domain not
found; from=<duhs_ehr-form-requ...@dm.duke.edu> to=<xxxx...@xxxxxx.com>
proto=ESMTP helo=<mx1.dnsmadeeasy.com>
Looking at DNS shows me the following (and DNSViz):
dm.duke.edu. 21600 IN NS nameserver1.mc.duke.edu.
dm.duke.edu. 21600 IN NS nameserver2.mc.duke.edu.
;; Received 135 bytes from 152.3.105.232#53(dns-auth-02.oit.duke.edu) in 76
ms
nameserver1.mc.duke.edu has address 152.16.1.4
nameserver1.mc.duke.edu has IPv6 address 2620:0:691:dc50::4
nameserver2.mc.duke.edu has address 152.16.1.12
nameserver2.mc.duke.edu has IPv6 address 2620:0:691:dc57::12
But do you really only have IPv6 connectivity? Sadly, you really should
have at least one IPv4-capable MX host whose iterative nameservers can
reach the IPv4 Internet. Many mail systems are still only V4-capable,
or their DNS is only available via IPv4 (no IPv6 NS IPs to even attempt
to query).
I have been dual stacked since December 2008 so I have a decent amount
of experience, but it's a problem in this situation for reasons that at
the moment I can't find.
I use PowerDNS Recursor with DNSSEC validation enabled with dnsdist in
front of the Recursor pools.
~Seth
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
