MRob:
> Last few days, I'm seeing large amount of failures in a log file for
> domains using protection.outlook.com:
>
> to=<u...@example.com>, relay=none, delay=13190, delays=13187/0.08/2.2/0,
> dsn=4.4.3, status=deferred (Host or domain name not found. Name service
> error for name=example-com.mail.protection.outlook.com type=AAAA: Host
> not found, try again)
Do you need IPv6 support? If not, disable it and avoid useless lookups.
> These domains do have A records, but some of them can take anywhere from
> .75 of a second to 3 seconds to return a result from DNS lookup (using
> dig).
>
> When postfix reports it cannot find AAAA record, can I assume every time
> it retries it also looks for the A record?
If you enable both IPv4 and IPv6, then Postfix must look for both
A and AAAA records. There is no IP protocol field in MX records.
The current Postfix default is to randomize equal-preference A and
AAAA lookups, so I am surprised that the last failUre is always for
AAAA lookups.
> Is the problem a lookup timeout? Never seen this before the last few
> days, so am inclined to think it's mostly their problem, or is there
> something I could do?
This could a messed-up DNS resolver anywhere in the path, including
a bad resolv.conf file under /var/spool/postfix/etc, or some
'security' filter that breaks connectivity to some DNS server.
For me, A and AAAA lookups of example-com.mail.protection.outlook.com
are instantaneous (reply: NXDOMAIN).
Wietse
