General DNS / SPF question

Sat Jan 7 22:09:24 UTC 2023

Hello everyone,

This is my first time posting here, and I'm not sure if it's the right 
place or not to ask my question. This is a general DNS question, 
specifically, I think, SPF.

(Btw, I do use Bind in my system, so that's why I'm here.)

I host email using SmarterMail, and all 400+ customers either use a 
regular email client (desktop app/mobile device) or the webmail interface.

One particular customer wants to use Gmail as their email client for 
sending email from their domain. I helped set up the settings at gmail 
for the SMTP server, and did the google-siteverification and added 
_include:gmail.com_ to the SPF TXT record, as well as DKIM and DMARC 
configured. I get green lights for the domain from Dmarcian (well, they 
said I had a duplicate SPF value, which I have removed).

The emails that get sent *do* arrive for other users on my email server, 
but *not* to email addresses off-server, ie; @live.com

I can see the traffic from gmail in my logs, and it appears the emails 
are sent, but they do not arrive.

Stumped. Any spare brain cells available out there would be appreciated.

Thanks,

Mik

Mik Muller, president
Montague WebWorks
20 River Street, Greenfield, MA
413-320-5336
http://MontagueWebWorks.com
Powered by ROCKETFUSION

On 1/7/2023 3:11 PM, Anders Löwinger wrote:
>
> Hi
>
> I have some trouble with the parental-agents. Anyone seen this 
> before/can give me a clue to get this working?
>
> Tried with my two recursive resolvers first, then localhost. No 
> difference.
>
> From the log
>
> named[3420650]: zone lowinger.se/IN (signed): checkds: empty DS 
> response from 2a00:f680:100:1501::32#53
> named[3420650]: zone lowinger.se/IN (signed): checkds: empty DS 
> response from 2a00:f680:10:1501::33#53
> named[3428351]: zone lowinger.se/IN (signed): checkds: empty DS 
> response from 127.0.0.1#53
>
> zone "lowinger.se" {
>
>     type primary;
>     file "lowinger.se";
>     dnssec-policy lowinger-policy;
>     inline-signing yes;
>     // parental-agents {
>     //     2a00:f680:100:1501::32;
>     //     2a00:f680:100:1501::33;
>     // };
>     parental-agents { 127.0.0.1; };
> };
>
> BIND 9.18.10-1+ubuntu22.04.1+isc+1-Ubuntu (Stable Release) <id:>*
>
> *
>
> dig has no problem resolving the DS record.
>
> # dig @127.0.0.1 lowinger.se ds +short
> 59647 14 2 825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4 
> BEB071CA
>
> # dig @2a00:f680:100:1501::32 lowinger.se ds +short
> 59647 14 2 825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4 
> BEB071CA
>
> # dig @2a00:f680:100:1501::33 lowinger.se ds +short
> 59647 14 2 825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4 
> BEB071CA
>
>
> -- 
> Regards / Med vänlig hälsning
> Anders Löwinger, CEO, Abundo AB, +46 72 206 0322
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230107/acbdc7ec/attachment-0001.htm>