General DNS / SPF question

Mark Andrews marka at isc.org
Sat Jan 7 22:43:12 UTC 2023 

Please don’t hijack an existing thread by replying to an existing message for a unrelated subject. It is bad form. Just create a new message and send it to bind-users at isc.org. 

-- 
Mark Andrews

> On 8 Jan 2023, at 09:07, Michael Muller via bind-users <bind-users at lists.isc.org> wrote:
> 
> 
> Hello everyone,
> 
> This is my first time posting here, and I'm not sure if it's the right place or not to ask my question. This is a general DNS question, specifically, I think, SPF.
> 
> (Btw, I do use Bind in my system, so that's why I'm here.)
> 
> I host email using SmarterMail, and all 400+ customers either use a regular email client (desktop app/mobile device) or the webmail interface.
> 
> One particular customer wants to use Gmail as their email client for sending email from their domain. I helped set up the settings at gmail for the SMTP server, and did the google-siteverification and added include:gmail.com to the SPF TXT record, as well as DKIM and DMARC configured. I get green lights for the domain from Dmarcian (well, they said I had a duplicate SPF value, which I have removed).
> 
> The emails that get sent *do* arrive for other users on my email server, but *not* to email addresses off-server, ie; @live.com
> 
> I can see the traffic from gmail in my logs, and it appears the emails are sent, but they do not arrive.
> 
> Stumped. Any spare brain cells available out there would be appreciated.
> 
> Thanks,
> 
> Mik
> 
> Mik Muller, president
> Montague WebWorks
> 20 River Street, Greenfield, MA
> 413-320-5336
> http://MontagueWebWorks.com
> Powered by ROCKETFUSION
> On 1/7/2023 3:11 PM, Anders Löwinger wrote:
>> Hi
>> 
>> I have some trouble with the parental-agents. Anyone seen this before/can give me a clue to get this working?
>> 
>> Tried with my two recursive resolvers first, then localhost. No difference.
>> 
>> From the log
>> 
>> named[3420650]: zone lowinger.se/IN (signed): checkds: empty DS response from 2a00:f680:100:1501::32#53
>> named[3420650]: zone lowinger.se/IN (signed): checkds: empty DS response from 2a00:f680:10:1501::33#53
>> named[3428351]: zone lowinger.se/IN (signed): checkds: empty DS response from 127.0.0.1#53
>> 
>> zone "lowinger.se" {
>> 
>>     type primary;
>>     file "lowinger.se";
>>     dnssec-policy lowinger-policy;
>>     inline-signing yes;
>>     // parental-agents {
>>     //     2a00:f680:100:1501::32;
>>     //     2a00:f680:100:1501::33;
>>     // };                                                                                              
>>     parental-agents { 127.0.0.1; };
>> };
>> 
>> BIND 9.18.10-1+ubuntu22.04.1+isc+1-Ubuntu (Stable Release) <id:>
>> 
>> 
>> dig has no problem resolving the DS record.
>> 
>> # dig @127.0.0.1 lowinger.se ds +short
>> 59647 14 2 825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4 BEB071CA
>> 
>> # dig @2a00:f680:100:1501::32 lowinger.se ds +short
>> 59647 14 2 825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4 BEB071CA
>> 
>> # dig @2a00:f680:100:1501::33 lowinger.se ds +short
>> 59647 14 2 825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4 BEB071CA
>> 
>> 
>> 
>> 
>> -- 
>> Regards / Med vänlig hälsning
>> Anders Löwinger, CEO, Abundo AB, +46 72 206 0322
>> 
>> 
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230108/5d6f40dd/attachment.htm>

More information about the bind-users mailing list