[dns-operations] Cannot send mail to outlook.com due to olc.protection.outlook.com configuration issues
Craig Leres
leres at ee.lbl.gov
Fri Oct 6 20:36:26 UTC 2023
On 10/6/23 11:34, Viktor Dukhovni wrote:
> While the nameservers behind that domain have various unfortunate
> limitations, they're minimally usable, and you should be able to resolve
> the A/AAAA records of the MX hosts with no issue. What specific problems
> is your unbound running into. I also use "unbound" and do not run into
> substatial issues with that domain: $ dig -t a
> outlook-com.olc.protection.outlook.com ; <<>> DiG 9.18.14 <<>> -t a
> outlook-com.olc.protection.outlook.com ;; global options: +cmd ;; Got
> answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63936 ;;
> flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT
> PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1400 ;; QUESTION
> SECTION: ;outlook-com.olc.protection.outlook.com. IN A ;; ANSWER
> SECTION: outlook-com.olc.protection.outlook.com. 300 IN A 52.101.73.0
> outlook-com.olc.protection.outlook.com. 300 IN A 52.101.11.6
> outlook-com.olc.protection.outlook.com. 300 IN A 52.101.8.37
> outlook-com.olc.protection.outlook.com. 300 IN A 52.101.11.5
> outlook-com.olc.protection.outlook.com. 300 IN A 52.101.73.27
> outlook-com.olc.protection.outlook.com. 300 IN A 52.101.42.12
> outlook-com.olc.protection.outlook.com. 300 IN A 52.101.73.31 ;; Query
> time: 119 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) ;; WHEN: Fri Oct
> 06 14:32:53 EDT 2023 ;; MSG SIZE rcvd: 179 So long as you don't try to
> look up TLSA records, or insist on using EDNS(0), even after a FORMERR
> response, you should be fine.
I've had edns0 in resolv.conf for a really long time but even if I
comment that out I'm still unable to deliver mail. Also I get SERVFAIL
or a timeout if I lookup outlook-com.olc.protection.outlook.com.
Craig
dot 176 % host outlook-com.olc.protection.outlook.com
outlook-com.olc.protection.outlook.com has address 52.101.11.11
outlook-com.olc.protection.outlook.com has address 52.101.68.20
outlook-com.olc.protection.outlook.com has address 52.101.73.20
outlook-com.olc.protection.outlook.com has address 52.101.73.3
outlook-com.olc.protection.outlook.com has address 52.101.8.33
outlook-com.olc.protection.outlook.com has address 52.101.68.4
outlook-com.olc.protection.outlook.com has address 52.101.68.37
Host outlook-com.olc.protection.outlook.com not found: 2(SERVFAIL)
dot 177 % host outlook-com.olc.protection.outlook.com
outlook-com.olc.protection.outlook.com has address 52.101.68.4
outlook-com.olc.protection.outlook.com has address 52.101.68.37
outlook-com.olc.protection.outlook.com has address 52.101.11.11
outlook-com.olc.protection.outlook.com has address 52.101.68.20
outlook-com.olc.protection.outlook.com has address 52.101.73.20
outlook-com.olc.protection.outlook.com has address 52.101.73.3
outlook-com.olc.protection.outlook.com has address 52.101.8.33
;; communications error to 127.0.0.2#53: timed out
;; communications error to 127.0.0.2#53: timed out
;; no servers could be reached
More information about the dns-operations
mailing list