<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Oct 6, 2023 at 1:39 PM Craig Leres <<a href="mailto:leres@ee.lbl.gov">leres@ee.lbl.gov</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 10/6/23 11:34, Viktor Dukhovni wrote:<br>
> While the nameservers behind that domain have various unfortunate <br>
> limitations, they're minimally usable, and you should be able to resolve <br>
> the A/AAAA records of the MX hosts with no issue. What specific problems <br>
> is your unbound running into. I also use "unbound" and do not run into <br>
> substatial issues with that domain: $ dig -t a <br>
> <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> ; <<>> DiG 9.18.14 <<>> -t a <br>
> <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> ;; global options: +cmd ;; Got <br>
> answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63936 ;; <br>
> flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT <br>
> PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1400 ;; QUESTION <br>
> SECTION: ;<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a>. IN A ;; ANSWER <br>
> SECTION: <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a>. 300 IN A 52.101.73.0 <br>
> <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a>. 300 IN A 52.101.11.6 <br>
> <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a>. 300 IN A 52.101.8.37 <br>
> <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a>. 300 IN A 52.101.11.5 <br>
> <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a>. 300 IN A 52.101.73.27 <br>
> <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a>. 300 IN A 52.101.42.12 <br>
> <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a>. 300 IN A 52.101.73.31 ;; Query <br>
> time: 119 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) ;; WHEN: Fri Oct <br>
> 06 14:32:53 EDT 2023 ;; MSG SIZE rcvd: 179 So long as you don't try to <br>
> look up TLSA records, or insist on using EDNS(0), even after a FORMERR <br>
> response, you should be fine.<br>
<br>
I've had edns0 in resolv.conf for a really long time but even if I <br>
comment that out I'm still unable to deliver mail. Also I get SERVFAIL <br>
or a timeout if I lookup <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a>.<br>
<br>
Craig<br>
<br>
dot 176 % host <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a><br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.11.11<br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.68.20<br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.73.20<br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.73.3<br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.8.33<br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.68.4<br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.68.37<br>
Host <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> not found: 2(SERVFAIL)<br>
dot 177 % host <a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a><br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.68.4<br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.68.37<br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.11.11<br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.68.20<br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.73.20<br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.73.3<br>
<a href="http://outlook-com.olc.protection.outlook.com" rel="noreferrer" target="_blank">outlook-com.olc.protection.outlook.com</a> has address 52.101.8.33<br>
;; communications error to 127.0.0.2#53: timed out<br>
;; communications error to 127.0.0.2#53: timed out<br>
;; no servers could be reached<br>
<br>
_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net" target="_blank">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
</blockquote></div><div><br></div><div>Interesting, it works fine with dig, but I get the same error the author does</div><div>when I use "host"<br></div><div><br></div><div>I used to know the significant differences between "host" and "dig" but I have</div><div>not used "host" in so long, I have forgotten them.</div><div><br></div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature">jack<br></div></div>