Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-06 Thread Franck Martin via mailop
On Fri, May 6, 2016 at 3:22 AM, Tony Finch wrote: > Franck Martin via mailop wrote: > > > This page, provides a way to test EDNS: > > https://www.dns-oarc.net/oarc/services/replysizetest > > That's testing the EDNS large packet feature. A DNS server can support > EDNS without supporting large pa

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-06 Thread Tony Finch
Franck Martin via mailop wrote: > This page, provides a way to test EDNS: > https://www.dns-oarc.net/oarc/services/replysizetest That's testing the EDNS large packet feature. A DNS server can support EDNS without supporting large packets. Tony. -- f.anthony.n.finch http://dotat.at/ - I xn

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-05 Thread Michael Wise
an<mailto:rheil...@echolabs.net>; mailop@mailop.org<mailto:mailop@mailop.org> Subject: Re: [mailop] DNS Errors for Microsoft Hostnames I use this tool because it checks everything DNS (including DNSSEC) and makes a pretty graph. The two errors are not related to DNSSEC, so see

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-05 Thread Franck Martin via mailop
This page, provides a way to test EDNS: https://www.dns-oarc.net/oarc/services/replysizetest Bind acts this way. Makes an EDNS query of full size, if no answer, makes a DNS query and request the response to be limited to a 512bytes answer, there it usually will get an answer, that the result is t

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-05 Thread Franck Martin via mailop
> ? > > > > *From:* Franck Martin [mailto:fmar...@linkedin.com] > *Sent:* Wednesday, May 4, 2016 4:20 PM > *To:* Rob Heilman > *Cc:* Michael Wise ; mailop@mailop.org > > *Subject:* Re: [mailop] DNS Errors for Microsoft Hostnames > > > > I like to use this to

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-05 Thread Michael Wise
Mail Reporting Tool ? -Original Message- From: Tony Finch [mailto:fa...@hermes.cam.ac.uk] On Behalf Of Tony Finch Sent: Thursday, May 5, 2016 3:29 AM To: Michael Wise Cc: mailop@mailop.org Subject: Re: [mailop] DNS Errors for Microsoft Hostnames Michael Wise wrote: > > So is the FO

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-05 Thread Tony Finch
Michael Wise wrote: > > So is the FORMERR ... just the resolver noting that EDNS is not supported? > > If so, I'm uncertain of the issue. There has been some discussion of this problem on the bind-users list, see https://lists.isc.org/pipermail/bind-users/2016-May/thread.html The problems seem t

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-04 Thread Steve Atkins
> > On May 4, 2016, at 4:19 PM, Franck Martin via mailop > wrote: > > I like to use this tool to tell me everything... > > I used it on the first domain, told me there are 2 errors: > http://dnsviz.net/d/alleghenycourts-us.mail.protection.outlook.com/dnssec/ That's just the same "these server

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-04 Thread Michael Wise
m: Franck Martin [mailto:fmar...@linkedin.com] Sent: Wednesday, May 4, 2016 4:20 PM To: Rob Heilman Cc: Michael Wise ; mailop@mailop.org Subject: Re: [mailop] DNS Errors for Microsoft Hostnames I like to use this tool to tell me everything... I used it on the first domain, told me there ar

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-04 Thread Franck Martin via mailop
tails > Reported error: 550 5.7.1 Mail rejected - dcc score 1000 > Retry count: 1 > DSN generated by: BY2PR03MB409.namprd03.prod.outlook.com > <http://by2pr03mb409.namprd03.prod.outlook.com/> > Remote server: * > > Traffic to a mailinglist is scored with DCC? >

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-04 Thread Rob Heilman
l Reporting Tool ? >> >> -Original Message----- >> From: mailop [mailto:mailop-boun...@mailop.org >> <mailto:mailop-boun...@mailop.org>] On Behalf Of Carl Byington >> Sent: Thursday, April 28, 2016 2:16 PM >> To: mailop@mailop.org <mailto:mail

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-02 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > For it to be blocked as spam, the system must have seen many copies... > I guess enough people are sending out DCC hashes that enough of them > added up and the direct email was blocked? Apparently so; unless some recipient is marking the list as

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-02 Thread Michael Wise
2, 2016 2:22 PM To: mailop@mailop.org Subject: Re: [mailop] DNS Errors for Microsoft Hostnames -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-04-28 at 21:56 +, Michael Wise wrote: > So is the FORMERR ... just the resolver noting that EDNS is not > supported? Yes. If so,

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-05-02 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-04-28 at 21:56 +, Michael Wise wrote: > So is the FORMERR ... just the resolver noting that EDNS is not > supported? Yes. If so, I'm uncertain of the issue. > We don't use EDNS here, so that's what the "our" servers should be > d

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-29 Thread Rob Heilman
sage- > From: mailop [mailto:mailop-boun...@mailop.org > <mailto:mailop-boun...@mailop.org>] On Behalf Of Carl Byington > Sent: Thursday, April 28, 2016 2:16 PM > To: mailop@mailop.org <mailto:mailop@mailop.org> > Subject: Re: [mailop] DNS Errors for Microsoft Hostname

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Michael Wise
ise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -Original Message- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Carl Byington Sent: Thursday, April 28, 2016 2:16 PM To: mailop@mailop.org Subject: Re

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Franck Martin via mailop
For EDNS to work correctly you MUST accept UDP fragmented packets, or configure your DNS server to advertise a max EDNS packet size of about 1200 bytes. Otherwise, bind, for instance, goes in a series of fallback and by the time the result is available the mail server has moved on... On Thu, Apr

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-04-28 at 20:57 +, Michael Wise wrote: > If the "Aware" flag expired, would best practice not be to check that > first rather than presuppose that the facility does exist? The check for "edns aware" involves sending the query with ed

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Jim Popovitch
On Thu, Apr 28, 2016 at 2:18 PM, Rob Heilman wrote: > pitt-edu.mail.protection.outlook.com I haven't been following this discussion, but for the purpose of providing some historical perspective... pitt.edu seemed to have signed their DNS two weekends ago, and upmc.edu signed their DNS last weeke

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Michael Wise
ver doing the wrong thing when looking up domains on our service. ? Aloha, Michael. -- Sent from my Windows Phone From: Carl Byington<mailto:c...@five-ten-sg.com> Sent: ‎4/‎28/‎2016 1:47 PM To: mailop<mailto:mailop@mailop.org> Subject: Re: [mailo

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-04-28 at 20:01 +, Michael Wise wrote: > " All this is stating is that DNS++ does not support RFC 2671 EDNS > protocol extensions. > " DNS++ is responding per the RFC by sending the FORMERR back to the > requestor. I believe this is

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Michael Wise
Sent: Thursday, April 28, 2016 12:03 PM To: mailop Subject: Re: [mailop] DNS Errors for Microsoft Hostnames -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-04-28 at 11:41 -0700, Steve Atkins wrote: > Looks like (some of) the Microsoft authoritative servers are confused > by

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Michelle Sullivan
Rose, Scott wrote: outlook.com isn’t signed, so I doubt it is a DNSSEC error (though they look the same). BIND should see that it isn’t signed and just roll with it. Could be that a server in the chain isn’t responding (whatever serves the mail.protection.outlook.com zone). We use Office365

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Michael Wise
[mailto:mailop-boun...@mailop.org] On Behalf Of Carl Byington Sent: Thursday, April 28, 2016 12:03 PM To: mailop Subject: Re: [mailop] DNS Errors for Microsoft Hostnames -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-04-28 at 11:41 -0700, Steve Atkins wrote: > Looks like (some of) the

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Carl Byington
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-04-28 at 11:41 -0700, Steve Atkins wrote: > Looks like (some of) the Microsoft authoritative servers are confused > by dnssec. > ~ ? dig +dnssec @ns1-proddns.glbdns.o365filtering.com pitt- > edu.mail.protection.outlook.com confused by

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Steve Atkins
> On Apr 28, 2016, at 11:18 AM, Rob Heilman wrote: > > We are seeing intermittent but frequent SERVFAIL errors for Microsoft owned > hostnames in MX records. Specifically with *.mail.protection.outlook.com > hostnames. In the BIND logs we see something like this: > > 28-Apr-2016 13:35:01.13

Re: [mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Rose, Scott
outlook.com isn’t signed, so I doubt it is a DNSSEC error (though they look the same). BIND should see that it isn’t signed and just roll with it. Could be that a server in the chain isn’t responding (whatever serves the mail.protection.outlook.com zone). We use Office365 too, and have heard

[mailop] DNS Errors for Microsoft Hostnames

2016-04-28 Thread Rob Heilman
We are seeing intermittent but frequent SERVFAIL errors for Microsoft owned hostnames in MX records. Specifically with *.mail.protection.outlook.com hostnames. In the BIND logs we see something like this: 28-Apr-2016 13:35:01.139 query-errors: debug 1: client 10.10.10.96#48950 (pitt-edu.mail.