Hi!
I find I'm unable to send mail to a domain. I get an NDR saying DNS lookup
failed. Indeed, when I try manually, I get:
906-north:src$ dig emeraldonion.org mx
; <<>> DiG 9.10.3-P4-Debian <<>> emeraldonion.org mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status:
> How do I fix this issue?
You don’t, their DNSSEC is broken:
https://dnsviz.net/d/emeraldonion.org/dnssec/
They have to either start signing again or remove DS record from the parent
(org).
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 8 Feb 2020, at 02:36, Alessandro Vesely wrote:
>
> Hi!
>
Hi,
thank you for your prompt reply!
On Sat 08/Feb/2020 11:39:05 +0100 Ondřej Surý wrote:
>> How do I fix this issue?
>
>
> You don’t, their DNSSEC is broken:
>
> https://dnsviz.net/d/emeraldonion.org/dnssec/
I see. Is there a command to diagnose that locally?
> They have to either start
If `dig +dnssec +cd emeraldonion.org mx` will give you answers and `dig +dnssec
emeraldonion.org mx` does not, then it’s most probably validation failure.
Then of course based on your logging setup, the validation failures might be
visible in BIND 9 log.
Ondrej
--
Ondřej Surý
ond...@isc.org
>
Hi
On Sat 08/Feb/2020 12:05:23 +0100 Ondřej Surý wrote:
> If `dig +dnssec +cd emeraldonion.org mx` will give you answers and `dig
> +dnssec emeraldonion.org mx` does not, then it’s most probably validation
> failure.
Aha, +cd is what I wanted to learn. Thanks a lot!
>
> Then of course base
5 matches
Mail list logo
