[dns-operations] Cannot send mail to outlook.com due to olc.protection.outlook.com configuration issues
jack tavares
tavares at gmail.com
Sat Oct 7 16:12:31 UTC 2023
On Fri, Oct 6, 2023 at 1:39 PM Craig Leres <leres at ee.lbl.gov> wrote:
> On 10/6/23 11:34, Viktor Dukhovni wrote:
> > While the nameservers behind that domain have various unfortunate
> > limitations, they're minimally usable, and you should be able to resolve
> > the A/AAAA records of the MX hosts with no issue. What specific problems
> > is your unbound running into. I also use "unbound" and do not run into
> > substatial issues with that domain: $ dig -t a
> > outlook-com.olc.protection.outlook.com ; <<>> DiG 9.18.14 <<>> -t a
> > outlook-com.olc.protection.outlook.com ;; global options: +cmd ;; Got
> > answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63936 ;;
> > flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT
> > PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1400 ;; QUESTION
> > SECTION: ;outlook-com.olc.protection.outlook.com. IN A ;; ANSWER
> > SECTION: outlook-com.olc.protection.outlook.com. 300 IN A 52.101.73.0
> > outlook-com.olc.protection.outlook.com. 300 IN A 52.101.11.6
> > outlook-com.olc.protection.outlook.com. 300 IN A 52.101.8.37
> > outlook-com.olc.protection.outlook.com. 300 IN A 52.101.11.5
> > outlook-com.olc.protection.outlook.com. 300 IN A 52.101.73.27
> > outlook-com.olc.protection.outlook.com. 300 IN A 52.101.42.12
> > outlook-com.olc.protection.outlook.com. 300 IN A 52.101.73.31 ;; Query
> > time: 119 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) ;; WHEN: Fri Oct
> > 06 14:32:53 EDT 2023 ;; MSG SIZE rcvd: 179 So long as you don't try to
> > look up TLSA records, or insist on using EDNS(0), even after a FORMERR
> > response, you should be fine.
>
> I've had edns0 in resolv.conf for a really long time but even if I
> comment that out I'm still unable to deliver mail. Also I get SERVFAIL
> or a timeout if I lookup outlook-com.olc.protection.outlook.com.
>
> Craig
>
> dot 176 % host outlook-com.olc.protection.outlook.com
> outlook-com.olc.protection.outlook.com has address 52.101.11.11
> outlook-com.olc.protection.outlook.com has address 52.101.68.20
> outlook-com.olc.protection.outlook.com has address 52.101.73.20
> outlook-com.olc.protection.outlook.com has address 52.101.73.3
> outlook-com.olc.protection.outlook.com has address 52.101.8.33
> outlook-com.olc.protection.outlook.com has address 52.101.68.4
> outlook-com.olc.protection.outlook.com has address 52.101.68.37
> Host outlook-com.olc.protection.outlook.com not found: 2(SERVFAIL)
> dot 177 % host outlook-com.olc.protection.outlook.com
> outlook-com.olc.protection.outlook.com has address 52.101.68.4
> outlook-com.olc.protection.outlook.com has address 52.101.68.37
> outlook-com.olc.protection.outlook.com has address 52.101.11.11
> outlook-com.olc.protection.outlook.com has address 52.101.68.20
> outlook-com.olc.protection.outlook.com has address 52.101.73.20
> outlook-com.olc.protection.outlook.com has address 52.101.73.3
> outlook-com.olc.protection.outlook.com has address 52.101.8.33
> ;; communications error to 127.0.0.2#53: timed out
> ;; communications error to 127.0.0.2#53: timed out
> ;; no servers could be reached
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
Interesting, it works fine with dig, but I get the same error the author
does
when I use "host"
I used to know the significant differences between "host" and "dig" but I
have
not used "host" in so long, I have forgotten them.
--
jack
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20231007/976c9c2e/attachment.html>
More information about the dns-operations
mailing list