* Still not possible to send mail to domain libc.org
@ 2015-04-23 18:38 Harald Becker
2015-04-23 19:59 ` Rich Felker
0 siblings, 1 reply; 16+ messages in thread
From: Harald Becker @ 2015-04-23 18:38 UTC (permalink / raw)
To: musl
Hi Rich,
it is still not possible for me to send any mail to the domain libc.org.
You can't just state this is not a failure on your side and then ignore
the rest of the thread.
The failing part is not on my side, it is the mail relay of the qmail
system, of a major provider in Germany, rejecting the messages. This is
out of my control to change anything on their systems.
Harald
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 18:38 Still not possible to send mail to domain libc.org Harald Becker
@ 2015-04-23 19:59 ` Rich Felker
2015-04-23 20:14 ` Harald Becker
0 siblings, 1 reply; 16+ messages in thread
From: Rich Felker @ 2015-04-23 19:59 UTC (permalink / raw)
To: musl
On Thu, Apr 23, 2015 at 08:38:23PM +0200, Harald Becker wrote:
> Hi Rich,
>
> it is still not possible for me to send any mail to the domain
> libc.org. You can't just state this is not a failure on your side
> and then ignore the rest of the thread.
>
> The failing part is not on my side, it is the mail relay of the
> qmail system, of a major provider in Germany, rejecting the
> messages. This is out of my control to change anything on their
> systems.
I'm not sure whether this is a bug in qmail or the recursive server
the qmail host is using -- one of them is wrongly treating timeouts as
nxdomain rather than as transient failures.
However I agree this is a serious quality of hosting issue with my
registrar's nameservers. They should not be timing out or dropping
packets like they are. I was able to reproduce the issue. So for now
I'm just going to move dns hosting for libc.org to my own nameserver.
Rich
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 19:59 ` Rich Felker
@ 2015-04-23 20:14 ` Harald Becker
2015-04-23 20:52 ` Rich Felker
0 siblings, 1 reply; 16+ messages in thread
From: Harald Becker @ 2015-04-23 20:14 UTC (permalink / raw)
To: musl
Hi Rich !
On 23.04.2015 21:59, Rich Felker wrote:
> However I agree this is a serious quality of hosting issue with my
> registrar's nameservers. They should not be timing out or dropping
> packets like they are. I was able to reproduce the issue. So for now
> I'm just going to move dns hosting for libc.org to my own nameserver.
I'm unsure, if this is a random or quality of service problem. If so it
should be possible to get at least some messages through to your mail
address, but none of 10 successive tries to send messages to you, have
been accepted.
I know this is not a prove, but it looks more like a general problem ...
most likely, the mail relay is expecting to have the MX lookup return an
IP address, not a name.
Harald
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 20:14 ` Harald Becker
@ 2015-04-23 20:52 ` Rich Felker
2015-04-23 21:25 ` Harald Becker
0 siblings, 1 reply; 16+ messages in thread
From: Rich Felker @ 2015-04-23 20:52 UTC (permalink / raw)
To: musl
On Thu, Apr 23, 2015 at 10:14:41PM +0200, Harald Becker wrote:
> Hi Rich !
>
> On 23.04.2015 21:59, Rich Felker wrote:
> >However I agree this is a serious quality of hosting issue with my
> >registrar's nameservers. They should not be timing out or dropping
> >packets like they are. I was able to reproduce the issue. So for now
> >I'm just going to move dns hosting for libc.org to my own nameserver.
>
> I'm unsure, if this is a random or quality of service problem. If so
> it should be possible to get at least some messages through to your
> mail address, but none of 10 successive tries to send messages to
> you, have been accepted.
Indeed, that does sound odd. I've filed a ticket with my registrar and
for now I'm moving DNS hosting to my own nameserver but it may take 24
hours to update and propagate. Hopefully that fixes things.
> I know this is not a prove, but it looks more like a general problem
> ... most likely, the mail relay is expecting to have the MX lookup
> return an IP address, not a name.
MX is never an IP address; that's not even valid and not possible to
represent in DNS. It's always a name, and it's required to be an A
record, not a CNAME. Check MX for any other domain and you'll find an
A record.
Rich
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 20:52 ` Rich Felker
@ 2015-04-23 21:25 ` Harald Becker
2015-04-23 21:43 ` Harald Becker
` (2 more replies)
0 siblings, 3 replies; 16+ messages in thread
From: Harald Becker @ 2015-04-23 21:25 UTC (permalink / raw)
To: musl
Hi Rich !
On 23.04.2015 22:52, Rich Felker wrote:
> Indeed, that does sound odd. I've filed a ticket with my registrar and
> for now I'm moving DNS hosting to my own nameserver but it may take 24
> hours to update and propagate. Hopefully that fixes things.
So let me retry the message tests tomorrow.
>> I know this is not a prove, but it looks more like a general problem
>> ... most likely, the mail relay is expecting to have the MX lookup
>> return an IP address, not a name.
>
> MX is never an IP address; that's not even valid and not possible to
> represent in DNS. It's always a name, and it's required to be an A
> record, not a CNAME. Check MX for any other domain and you'll find an
> A record.
I'm not a DNS expert, so I may not use the correct notation.
Currently the lookup has got even more ugly:
nslookup -q=mx libc.org
returns: brightrain.aerifal.cx
... but when I try to do MX lookup for brightrain.aerifal.cx, I can't
get any authoritative address, only for A records.
Are you able to add also an MX entry for brightrain.aerifal.cx ?
All the other domains I tried return an authoritative address for MX
lookups too, not only for A record lookup.
I searched a bit on the net, and may be this hits a qmail DNS lookup
problem disused at different places. Looks like they are fighting which
strategy is best for the lookups ... this is bad, but I can't do
anything here.
Harald
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 21:25 ` Harald Becker
@ 2015-04-23 21:43 ` Harald Becker
2015-04-23 21:44 ` Rich Felker
2015-04-23 21:55 ` Harald Becker
2 siblings, 0 replies; 16+ messages in thread
From: Harald Becker @ 2015-04-23 21:43 UTC (permalink / raw)
To: musl
May be this is involved in the problem:
https://lists.isc.org/pipermail/bind-users/1999-June/000649.html
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 21:25 ` Harald Becker
2015-04-23 21:43 ` Harald Becker
@ 2015-04-23 21:44 ` Rich Felker
2015-04-23 22:04 ` Harald Becker
2015-04-23 21:55 ` Harald Becker
2 siblings, 1 reply; 16+ messages in thread
From: Rich Felker @ 2015-04-23 21:44 UTC (permalink / raw)
To: musl
On Thu, Apr 23, 2015 at 11:25:00PM +0200, Harald Becker wrote:
> Hi Rich !
>
> On 23.04.2015 22:52, Rich Felker wrote:
> >Indeed, that does sound odd. I've filed a ticket with my registrar and
> >for now I'm moving DNS hosting to my own nameserver but it may take 24
> >hours to update and propagate. Hopefully that fixes things.
>
> So let me retry the message tests tomorrow.
>
> >>I know this is not a prove, but it looks more like a general problem
> >>... most likely, the mail relay is expecting to have the MX lookup
> >>return an IP address, not a name.
> >
> >MX is never an IP address; that's not even valid and not possible to
> >represent in DNS. It's always a name, and it's required to be an A
> >record, not a CNAME. Check MX for any other domain and you'll find an
> >A record.
>
> I'm not a DNS expert, so I may not use the correct notation.
I can see. :-)
> Currently the lookup has got even more ugly:
>
> nslookup -q=mx libc.org
>
> returns: brightrain.aerifal.cx
>
> .... but when I try to do MX lookup for brightrain.aerifal.cx, I
> can't get any authoritative address, only for A records.
This is expected.
> Are you able to add also an MX entry for brightrain.aerifal.cx ?
Why would you need one? An MX for brightrain.aerifal.cx would tell
where to deliver mail sent to user@brightrain.aerifal.cx; it has
nothing to do with mail sent to user@libc.org.
> All the other domains I tried return an authoritative address for MX
> lookups too, not only for A record lookup.
>
> I searched a bit on the net, and may be this hits a qmail DNS lookup
> problem disused at different places. Looks like they are fighting
> which strategy is best for the lookups ... this is bad, but I can't
> do anything here.
qmail is seriously buggy which is why most people abandoned it more
than a decade ago...
Rich
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 21:44 ` Rich Felker
@ 2015-04-23 22:04 ` Harald Becker
0 siblings, 0 replies; 16+ messages in thread
From: Harald Becker @ 2015-04-23 22:04 UTC (permalink / raw)
To: musl
> qmail is seriously buggy which is why most people abandoned it more
> than a decade ago...
... now tell this a big provider with millions of customers (I think
they serve over 50 million mail addresses) :(
... sorry for inconvenience, but if I got a different opportunity, I
would take that. I have to use the mail relay as other recipients reject
mail when not send through the relay (for SPAM avoidance), and the two
major providers in Germany use nearly identical mail systems.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 21:25 ` Harald Becker
2015-04-23 21:43 ` Harald Becker
2015-04-23 21:44 ` Rich Felker
@ 2015-04-23 21:55 ` Harald Becker
2015-04-23 22:08 ` Harald Becker
2015-04-23 22:33 ` Rich Felker
2 siblings, 2 replies; 16+ messages in thread
From: Harald Becker @ 2015-04-23 21:55 UTC (permalink / raw)
To: musl
Hi Rich,
extending my search on qhe net I found the following:
All of the senders experiencing the bounced messages mentioning cname
lookup failure appear to be running the qmail mail server software.
Qmail, if not using a third party patch that was written in the late
90’s, has an issue sending to domains whose name servers respond to DNS
queries of type “ANY” with more than 512 bytes of data; that is a bug in
qmail and the author has never fixed it because he wants you to use his
DNS server software which also eliminates the issue in a different way.
Google’s name servers do respond to queries of type “ANY” with more than
512 bytes of data, so when an unpatched qmail server tries to send an
email to a domain whose lowest cost MX record ends in .google.com, qmail
is going to do a DNS query of type ANY against one of google.com’s
authoritative name servers, get back more than it can correctly handle
and defer repeatedly until ultimately bouncing the message with that
cname lookup failure…
Harald
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 21:55 ` Harald Becker
@ 2015-04-23 22:08 ` Harald Becker
2015-04-23 22:20 ` Harald Becker
2015-04-23 22:33 ` Rich Felker
1 sibling, 1 reply; 16+ messages in thread
From: Harald Becker @ 2015-04-23 22:08 UTC (permalink / raw)
To: musl
On 23.04.2015 23:55, Harald Becker wrote:
> Hi Rich,
>
> extending my search on qhe net I found the following:
>
> All of the senders experiencing the bounced messages mentioning cname
> lookup failure appear to be running the qmail mail server software.
>
> Qmail, if not using a third party patch that was written in the late
> 90’s, has an issue sending to domains whose name servers respond to DNS
> queries of type “ANY” with more than 512 bytes of data; that is a bug in
> qmail and the author has never fixed it because he wants you to use his
> DNS server software which also eliminates the issue in a different way.
>
> Google’s name servers do respond to queries of type “ANY” with more than
> 512 bytes of data, so when an unpatched qmail server tries to send an
> email to a domain whose lowest cost MX record ends in .google.com, qmail
> is going to do a DNS query of type ANY against one of google.com’s
> authoritative name servers, get back more than it can correctly handle
> and defer repeatedly until ultimately bouncing the message with that
> cname lookup failure…
Sorry I forgot to add the link:
https://productforums.google.com/d/msg/apps/mIGTQVZiFxo/ULesU7hOo6wJ
>
> Harald
>
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 21:55 ` Harald Becker
2015-04-23 22:08 ` Harald Becker
@ 2015-04-23 22:33 ` Rich Felker
2015-04-23 22:48 ` Harald Becker
1 sibling, 1 reply; 16+ messages in thread
From: Rich Felker @ 2015-04-23 22:33 UTC (permalink / raw)
To: musl
On Thu, Apr 23, 2015 at 11:55:30PM +0200, Harald Becker wrote:
> Hi Rich,
>
> extending my search on qhe net I found the following:
>
> All of the senders experiencing the bounced messages mentioning
> cname lookup failure appear to be running the qmail mail server
> software.
Again there are no CNAMEs involved.
> Qmail, if not using a third party patch that was written in the late
> 90’s, has an issue sending to domains whose name servers respond to
> DNS queries of type “ANY” with more than 512 bytes of data; that is
> a bug in qmail and the author has never fixed it because he wants
> you to use his DNS server software which also eliminates the issue
> in a different way.
Responses larger than 512 bytes are not supported over UDP and are
rarely used. I saw some replies close to that long but none of them
had the TC (truncation) bit set, so I don't think that's your issue
either.
Rich
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 22:33 ` Rich Felker
@ 2015-04-23 22:48 ` Harald Becker
2015-04-23 23:20 ` Rich Felker
0 siblings, 1 reply; 16+ messages in thread
From: Harald Becker @ 2015-04-23 22:48 UTC (permalink / raw)
To: musl; +Cc: Rich Felker
On 24.04.2015 00:33, Rich Felker wrote:
> On Thu, Apr 23, 2015 at 11:55:30PM +0200, Harald Becker wrote:
>> Hi Rich,
>>
>> extending my search on qhe net I found the following:
>>
>> All of the senders experiencing the bounced messages mentioning
>> cname lookup failure appear to be running the qmail mail server
>> software.
>
> Again there are no CNAMEs involved.
I think several authors use the term CNAME when they see a name return
like brightrain, which is not the sense of DNS CNAME :(
>> Qmail, if not using a third party patch that was written in the late
>> 90’s, has an issue sending to domains whose name servers respond to
>> DNS queries of type “ANY” with more than 512 bytes of data; that is
>> a bug in qmail and the author has never fixed it because he wants
>> you to use his DNS server software which also eliminates the issue
>> in a different way.
>
> Responses larger than 512 bytes are not supported over UDP and are
> rarely used. I saw some replies close to that long but none of them
> had the TC (truncation) bit set, so I don't think that's your issue
> either.
So what did you change, as it now works?
Harald
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 22:48 ` Harald Becker
@ 2015-04-23 23:20 ` Rich Felker
2015-04-23 23:38 ` Harald Becker
0 siblings, 1 reply; 16+ messages in thread
From: Rich Felker @ 2015-04-23 23:20 UTC (permalink / raw)
To: musl
On Fri, Apr 24, 2015 at 12:48:57AM +0200, Harald Becker wrote:
> On 24.04.2015 00:33, Rich Felker wrote:
> >On Thu, Apr 23, 2015 at 11:55:30PM +0200, Harald Becker wrote:
> >>Hi Rich,
> >>
> >>extending my search on qhe net I found the following:
> >>
> >>All of the senders experiencing the bounced messages mentioning
> >>cname lookup failure appear to be running the qmail mail server
> >>software.
> >
> >Again there are no CNAMEs involved.
>
> I think several authors use the term CNAME when they see a name
> return like brightrain, which is not the sense of DNS CNAME :(
No, CNAME definitely means CNAME. There is no way to store an IP
address in an MX record. The form for IP addresses is completely
different than for names, and if other records like MX (vs just A) had
stored IP addresses, adding IPv6 to DNS would be a lot more
complicated than just adding AAAA records.
> >>Qmail, if not using a third party patch that was written in the late
> >>90’s, has an issue sending to domains whose name servers respond to
> >>DNS queries of type “ANY” with more than 512 bytes of data; that is
> >>a bug in qmail and the author has never fixed it because he wants
> >>you to use his DNS server software which also eliminates the issue
> >>in a different way.
> >
> >Responses larger than 512 bytes are not supported over UDP and are
> >rarely used. I saw some replies close to that long but none of them
> >had the TC (truncation) bit set, so I don't think that's your issue
> >either.
>
> So what did you change, as it now works?
Nothing further. I suspect it was just a matter of changes propagating
to your ISP's nameservers so that they see the new records for the
libc.org domain.
Since my registrar seems to want to fix whatever's wrong, I might see
if we can reproduce the issue with another domain hosted with them so
as not to break libc.org for you again in the meantime. Let's take
that off-list though.
Rich
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Still not possible to send mail to domain libc.org
2015-04-23 23:20 ` Rich Felker
@ 2015-04-23 23:38 ` Harald Becker
0 siblings, 0 replies; 16+ messages in thread
From: Harald Becker @ 2015-04-23 23:38 UTC (permalink / raw)
To: musl
Hi Rich !
On 24.04.2015 01:20, Rich Felker wrote:
> Nothing further. I suspect it was just a matter of changes propagating
> to your ISP's nameservers so that they see the new records for the
> libc.org domain.
>
> Since my registrar seems to want to fix whatever's wrong, I might see
> if we can reproduce the issue with another domain hosted with them so
> as not to break libc.org for you again in the meantime. Let's take
> that off-list though.
Let me know, if I can help you with the tests. It won't harm, if we get
failures for libc.org again, as long as we can find the reason, and fix
that in the final state.
Harald
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2015-04-23 23:38 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-04-23 18:38 Still not possible to send mail to domain libc.org Harald Becker
2015-04-23 19:59 ` Rich Felker
2015-04-23 20:14 ` Harald Becker
2015-04-23 20:52 ` Rich Felker
2015-04-23 21:25 ` Harald Becker
2015-04-23 21:43 ` Harald Becker
2015-04-23 21:44 ` Rich Felker
2015-04-23 22:04 ` Harald Becker
2015-04-23 21:55 ` Harald Becker
2015-04-23 22:08 ` Harald Becker
2015-04-23 22:20 ` Harald Becker
2015-04-23 22:28 ` Harald Becker
2015-04-23 22:33 ` Rich Felker
2015-04-23 22:48 ` Harald Becker
2015-04-23 23:20 ` Rich Felker
2015-04-23 23:38 ` Harald Becker
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).