[pfx] Re: per-domain sender_checks?

Tue, 16 May 2023 15:55:33 -0700 

Hi,

On Tue, May 16, 2023 at 4:16 PM Viktor Dukhovni via Postfix-users <
postfix-users@postfix.org> wrote:

> On Tue, May 16, 2023 at 11:27:52AM -0400, Alex via Postfix-users wrote:
>
> > > > $ host info.apr.gov.rs
> > > > Host info.apr.gov.rs not found: 2(SERVFAIL)
> >
> > There's definitely a problem with their name servers, but it also seems
> my
> > version of bind is not permissive enough for such failures, although my
> > bind-9.16.38 system is, using the same configuration.
>
> The problems with their DNS are:
>
>     - ns1.apr.gov.rs: EDNS(0) option intolerance, but returns
>       FORMERR, so fallback to non-EDNS queries should (and does) work.
>
>         $ dig -t a +nocomment +nocookie +nostats +nocmd +norecur +nocl
> +nottl @ns1.apr.gov.rs info.apr.gov.rs.
>         ;info.apr.gov.rs.       IN A
>         info.apr.gov.rs.        A       195.178.56.17
>
>       Disabling use of cookies in your BIND configuration would suffice.
>
>     - ns2.apr.gov.rs: Supports EDNS(0), but returns SERVFAIL to all
>       queries.
>
>         $ dig -t a +noall +comment +norecur +noedns +nocl +nottl @
> ns2.apr.gov.rs info.apr.gov.rs.
>         ;; Got answer:
>         ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42971
>         ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> > Public name servers also appear to have no issues. I'm currently
> > researching these FORMERR messages.
>
> Turn off coookies for queries to this domain, or generally.
>

Turning off cookies for this server solved the problem, but it's not a very
scalable method. I realize this isn't bind-users, but can I ask if there is
a way to fallback to not using cookies, instead of having to create a
server {} section for each broken server?

I have a bind-9.16.38 system and it's apparently able to query these broken
servers without issue.






>
> --
>     Viktor.
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
>

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to