Anyone with contacts at Paypal and/or Ultradns?
Tom Ivar Helbekkmo
tih at hamartun.priv.no
Wed Dec 11 06:45:24 UTC 2019
Mail from Paypal to me is failing, hard, because I run a resolver with
DNSSEC verification and qname minimization, and an MTA that implements
DMARC. Out of the four name servers they've got configured, the two at
Ultradns are mishandling empty non-terminals. I get SERVFAIL responses
for slc.paypal.com and _domainkey.paypal.com, both of which are needed
for email, because their MTAs are under the former, and their DKIM keys
under the latter.
The problems are visible using dnsviz:
https://dnsviz.net/d/slc.paypal.com/dnssec/
https://dnsviz.net/d/_domainkey.paypal.com/dnssec/
I've tried writing to hostmaster at paypal.com about this, but have
received no response.
-tih
--
Most people who graduate with CS degrees don't understand the significance
of Lisp. Lisp is the most important idea in computer science. --Alan Kay
More information about the dns-operations
mailing list