broken ISP in china
David Forrest
drf at maplepark.com
Tue Feb 19 00:25:42 UTC 2013
On Mon, 18 Feb 2013, Lyle Giese wrote:
> I am cross posting this as it might be a dns issue, but it effects email
> directly. And I am quite aware of the 'Great Chinese Firewall' and realized
> that may be a large part of the issue.
>
> LCR's mail filter and mail servers are all in the lcrcomputer.net domain.
>
> Recently I moved this domain(lcrcomputer.net) to a registrar that suports
> DNSSEC and inserted the DS record for this domain. I checked DNSSEC via
> http://dnsviz.net and http://dnssec-debugger.verisignlabs.com. Both show
> DNSSEC is working just fine for lcrcomputer.net.
>
> However, shortly after that one of my customers stopped receiving email from
> one of their clients in China. They just brought that to my attention and I
> tried to email the client in China and got this back:
>
> For <robin at xxxxx.com.cn> <mailto:robin at medtecs.com.cn>, Site
> (xxxxx.com.cn/<ipv4 address>) said: 559 sorry , your helo/ehlo and domain in
> mail are invalid, you don't connect from there. (#5.5.9)
>
> Because this started within 24 hours of when I published the DS record for
> lcrcomputer.net, I am assuming that this is related.
Your nameserver seem to be answering fine in ipV6 +dnssec +norec:
http://pastebin.com/S9LM6a59
Does your customer have a SPF record with old info (you show no TXT or SPF
RRs) ?
Dave
--
David Forrest St. Louis, Missouri
More information about the bind-users
mailing list