http://dnsviz.net/d/_25._tcp.sisim1.systemec.nl/dnssec/
Hello,
we found messages to MONTAGEBEDRIJFVANDERPLUIJM.NL undeliverable because postfix/unbound could not fetch _25._tcp.sisim1.systemec.nl The nameservers deny the existence of _tcp.$MXhost.systemec.nl. As our unbound uses QNAME minimization that result in _25._tcp.$MXhost.systemec.nl. also fail.
dig @ns.systemec.NL. _tcp.sisim2.systemec.NL any +dnssec ;; Truncated, retrying in TCP mode.
; <<>> DiG 9.9.6-P1 <<>> @ns.systemec.NL. _tcp.sisim2.systemec.NL any +dnssec ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 769 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 1680 ;; QUESTION SECTION: ;_tcp.sisim2.systemec.NL. IN ANY
;; AUTHORITY SECTION: systemec.NL. 3600 IN SOA ns.systemec.NL. postmaster.systemec.NL. 2017113006 28800 7200 604800 3600 systemec.NL. 3600 IN RRSIG SOA 14 2 3600 20180125000000 20180104000000 39248 systemec.nl. mtn3UO0IJXb1WA+2qEp7kYTlqaOAU7qrUcizVJCLQ6Tuda4qgd7fPAO5 qZY9FBQdiP/l4YEEeooZJyMtQilHlLiDK7MBIarIjdNSF2qQrk5hfo1a LJzs5pNW1upEdR51 sisim2.systemec.NL. 3600 IN NSEC _25._tcp.sisim2.systemec.nl. A RRSIG NSEC sisim2.systemec.NL. 3600 IN RRSIG NSEC 14 3 3600 20180125000000 20180104000000 39248 systemec.nl. UUcvXFNUVhyOUHka2Md64YKUNVownhfBsly32lqxHYKJ62JV4/x1XXV/ ckROX7CmON8MvNyVAB8FC1p1qGdjOo+Df1jpJ7oduukbEOqCeOVWdQbO 29CrRHe+84Wl/6iz
;; Query time: 18 msec ;; SERVER: 89.20.90.102#53(89.20.90.102) ;; WHEN: Wed Jan 17 11:03:38 CET 2018 ;; MSG SIZE rcvd: 429
The expected answer is "NOERROR" because the are no valid RRs for that label bit there exist childs ( _25. ) Is the correct term for that "ENT" "Empty non terminal" ???
Maybe someone can relay that information to systemec.nl DNS admins.
We implemented a workaround via smtp_tls_policy_maps: "$DOMAIN -> may" until that is fixed.
participants (1)
-
Andreas Schulze