[opensuse] mailservers and reverse DNS ?
Carlos E. R. wrote:
On 2015-04-14 08:28, Per Jessen wrote:
Carlos E. R. wrote:
"a bad ISP that (apparently) can't setup reverse DNS" - yes, we have one or two of those too. Not necessarily bad as such, more lazy and inexperienced staff. Same for the admin who chose them though.
Well, it is the biggest, older, and most powerful ISP here, so not inexperienced.
Being the biggest, oldest and/or the most powerful does not preclude being inexperienced or lazy :-(
They simply do not want to, or the channels to get such things working are not known or open.
They actually refuse to set up reverse DNS for people who pay for a fixed IP ? The mind boggles. -- Per Jessen, Zürich (11.0°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/04/2015 08:51, Per Jessen wrote:
They actually refuse to set up reverse DNS for people who pay for a fixed IP ? The mind boggles.
my own ISP (home, "Free"), accepts *one* reverse dns setup and this setup can no more be changed... even if it's no more meaningful :-) jdd
jdd wrote:
On 15/04/2015 08:51, Per Jessen wrote:
They actually refuse to set up reverse DNS for people who pay for a fixed IP ? The mind boggles.
my own ISP (home, "Free"), accepts *one* reverse dns setup and this setup can no more be changed... even if it's no more meaningful :-)
That's not too bad, although it certainly ought to be changeable. -- Per Jessen, Zürich (20.5°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 04/15/2015 09:35 AM, Per Jessen wrote:
That's not too bad, although it certainly ought to be changeable.
With my ISP, I get one IPv4 address and a host name that's tied to the cable modem and firewall MAC addresses. There is no way to change it. I am using a DNS service that provides a few aliases to that host name, as well as AAAA records for my IPv6 addresses.
James Knott wrote:
On 04/15/2015 09:35 AM, Per Jessen wrote:
That's not too bad, although it certainly ought to be changeable.
With my ISP, I get one IPv4 address and a host name that's tied to the cable modem and firewall MAC addresses. There is no way to change it.
Is that a fixed IP service? -- Per Jessen, Zürich (20.9°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 04/15/2015 09:56 AM, Per Jessen wrote:
With my ISP, I get one IPv4 address and a host name that's tied to the cable modem and firewall MAC addresses. There is no way to change it.
Is that a fixed IP service?
No, I have a dynamic IPv4 address, but it changes so seldom that it's virtually static. The host name changes only with a hardware change. My IPv6 addresses are static (actually both static and dynamic, as most devices also support "privacy addresses").
On 04/15/2015 08:52 AM, James Knott wrote:
On 04/15/2015 09:35 AM, Per Jessen wrote:
That's not too bad, although it certainly ought to be changeable.
With my ISP, I get one IPv4 address and a host name that's tied to the cable modem and firewall MAC addresses. There is no way to change it. I am using a DNS service that provides a few aliases to that host name, as well as AAAA records for my IPv6 addresses.
Man, I must have lucked out. I host my domains at domaindiscover.com and I (me) manage the DNS records for all domains. Primary/Backup Mx records, A, Cname, etc. I can point them anywhere in the world. If others are more limited, then find a host that provides you the ability to manage your own TLD records. Never had an issue. -- David C. Rankin, J.D.,P.E.
David C. Rankin wrote:
On 04/15/2015 08:52 AM, James Knott wrote:
On 04/15/2015 09:35 AM, Per Jessen wrote:
That's not too bad, although it certainly ought to be changeable.
With my ISP, I get one IPv4 address and a host name that's tied to the cable modem and firewall MAC addresses. There is no way to change it. I am using a DNS service that provides a few aliases to that host name, as well as AAAA records for my IPv6 addresses.
Man, I must have lucked out. I host my domains at domaindiscover.com and I (me) manage the DNS records for all domains. Primary/Backup Mx records, A, Cname, etc. I can point them anywhere in the world. If others are more limited, then find a host that provides you the ability to manage your own TLD records. Never had an issue.
Hi David you're not lucky, what you describe is pretty much the norm. We're talking about reverse mapping entries, where the ISP is typically the only one in charge, except where they have delegated the reverse mapping to the customer. -- Per Jessen, Zürich (14.8°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 04/16/2015 02:59 AM, Per Jessen wrote:
Hi David
you're not lucky, what you describe is pretty much the norm. We're talking about reverse mapping entries, where the ISP is typically the only one in charge, except where they have delegated the reverse mapping to the customer.
Good, I guess my ISP got it right because my mail goes through from all domains from the 2 mail servers I have... -- David C. Rankin, J.D.,P.E.
Per Jessen wrote:
We're talking about reverse mapping entries, where the ISP is typically the only one in charge, except where they have delegated the reverse mapping to the customer.
I remember I had to go through extra hoops to get the ipv4 reverse domain settings setup correctly for my domain. If comcast suddenly gave me an ipv6 addr in substitution for my ipv4, I wouldn't expect the reverse route to automatically start working... would be nice, but I'd think it highly unlikely. Considering 'dig' for my domain has no ipv6 records though, I'd also consider it a 'bug' to suddenly start routing my traffic over ipv6 just because my machine could speak ipv6.
Linda Walsh wrote:
Per Jessen wrote:
We're talking about reverse mapping entries, where the ISP is typically the only one in charge, except where they have delegated the reverse mapping to the customer.
I remember I had to go through extra hoops to get the ipv4 reverse domain settings setup correctly for my domain. If comcast suddenly gave me an ipv6 addr in substitution for my ipv4,
They almost certainly gave you an IPv6 address in _addition_ to your IPv4 address.
I wouldn't expect the reverse route to automatically start working... would be nice, but I'd think it highly unlikely.
I'm not sure, but I think reverse mapping for IPv6 addresses is likely to be the exception, not the rule.
Considering 'dig' for my domain has no ipv6 records though, I'd also consider it a 'bug' to suddenly start routing my traffic over ipv6 just because my machine could speak ipv6.
Well no, not really - it's not about your domain. By default, your machine prefers IPv6 over IPv4, so when a DNS lookup of "lists.samba.org" returns [2001:470:1f05:1a07::1], it checks to see if there is a route for that - given that you had an interface with a public IPv6 address, that would be available. -- Per Jessen, Zürich (13.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
Per Jessen wrote:
They almost certainly gave you an IPv6 address in _addition_ to your IPv4 address.
Actually, not -- I've had their service for about 8 years, and they didn't have IPV6 available to even 'test' with as of 5-6 years ago. They upgraded my modem about 3-4 years ago -- and it is configurable w/ipv6, but they didn't have route-able connectivity at that point. I've never had a routable, working ipv6 interface on my external side until maybe within the past few months.
I wouldn't expect the reverse route to automatically start working... would be nice, but I'd think it highly unlikely.
I'm not sure, but I think reverse mapping for IPv6 addresses is likely to be the exception, not the rule.
Considering 'dig' for my domain has no ipv6 records though, I'd also consider it a 'bug' to suddenly start routing my traffic over ipv6 just because my machine could speak ipv6.
Well no, not really - it's not about your domain. By default, your machine prefers IPv6 over IPv4.
--- No, not really -- ipv6 networking is usually NOT built into my kernel unless I am testing. Since the ipv6 networking is absent on my machine, "by default", I'm pretty sure it doesn't prefer it. I was going to try some more ipv6 testing, and, about 2 months ago, had re-enabled it. It wasn't until last month that I started having problems -- and I just found out why:
James Knott wrote:
In general, if there's an IPv6 route to the destination, it will be preferred to IPv4.
Yes, it's controlled by /etc/gai.conf.
Before March 11 (last month), my gai.conf file had (ignoring comments):
    precedence ::ffff:0:0/96 100
    scopev4 ::ffff:10.0.0.0/104 14
    scopev4 ::ffff:172.16.0.0/108 14
    scopev4 ::ffff:192.168.0.0/112 14
I just now found out that /etc/gai.conf is a part of glibc, which I upgraded last month to "13.2" -- in doing so, I overwrote my previous settings with the new default. In any event, my current kernel doesn't have ipv6 config'd in, and the ipv6 related problems went away. It's news to me that comcast now has end-to-end ipv6 connectivity. Will have to see if the gai.conf has fixed another DNS related problem.
On 04/17/2015 04:13 PM, Linda Walsh wrote:
Well no, not really - it's not about your domain. By default, your machine prefers IPv6 over IPv4.
No, not really -- ipv6 networking is usually NOT built into my kernel unless I am testing. Since the ipv6 networking is absent on my machine, "by default",
But then, you're not using the default kernel. ;-) If you install openSUSE, without changing the kernel, it will be capable of IPv6.
On 2015-04-15 08:51, Per Jessen wrote:
Carlos E. R. wrote:
On 2015-04-14 08:28, Per Jessen wrote:
Carlos E. R. wrote:
Well, it is the biggest, older, and most powerful ISP here, so not inexperienced.
Being the biggest, oldest and/or the most powerful does not preclude being inexperienced or lazy :-(
Experienced they are, by the definition of the word. Obtuse, ignorant, lazy, whatever... yes, very possibly.
They simply do not want to, or the channels to get such things working are not known or open.
They actually refuse to set up reverse DNS for people who pay for a fixed IP ? The mind boggles.
I'm unsure. Not actually refuse, perhaps, but the people we can talk with are ignorant of what it is, of what to do to get it. Maybe you can get it if you are a big enough client. Or if you contract the direct dns from them as well. Try www.madrid.org, for instance. The reverse dns gives "not found", and it is a government site. Just the first one I tried now. Its mail server, though, does have it. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith))
Carlos E. R. wrote:
They simply do not want to, or the channels to get such things working are not known or open.
They actually refuse to set up reverse DNS for people who pay for a fixed IP ? The mind boggles.
I'm unsure. Not actually refuse, perhaps, but the people we can talk with are ignorant of what it is, of what to do to get it. Maybe you can get it if you are a big enough client. Or if you contract the direct dns from them as well.
Try www.madrid.org, for instance. The reverse dns gives "not found", and it is a government site. Just the first one I tried now.
www.madrid.org is distributed via akamai cdn - it's their IP, their reverse DNS. For non-ssl webservers/nodes, lack of a reverse DNS is not really a big deal. With my purist hat on, I would say it should have a reverse DNS, but it's not important.
Its mail server, though, does have it.
Yes, but it's buggy - mail.madrid.org = 195.77.128.11, which has two PTR records, a clear indication of incompetence or inexperience (or both). -- Per Jessen, Zürich (21.7°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 04/14/2015 11:51 PM, Per Jessen wrote:
Carlos E. R. wrote:
On 2015-04-14 08:28, Per Jessen wrote:
Carlos E. R. wrote:
"a bad ISP that (apparently) can't setup reverse DNS" - yes, we have one or two of those too. Not necessarily bad as such, more lazy and inexperienced staff. Same for the admin who chose them though. Well, it is the biggest, older, and most powerful ISP here, so not inexperienced. Being the biggest, oldest and/or the most powerful does not preclude being inexperienced or lazy :-(
They simply do not want to, or the channels to get such things working are not known or open. They actually refuse to set up reverse DNS for people who pay for a fixed IP ? The mind boggles.
Welcome to the real world... At least in the US. There is much to boggle the mind. I have business class service (necessary with my ISP to get fixed IP addresses... I have a block of 14) and their residential side mail servers reject email from my email server... And there IS a PTR record, but it doesn't match my domain. In fairness, this behaviour just started in the last week and it may be that some warm and wonderful human being has decided to become excessively pedantic or just plain made a mistake.
Bruce Ferrell wrote:
On 04/14/2015 11:51 PM, Per Jessen wrote:
Carlos E. R. wrote:
On 2015-04-14 08:28, Per Jessen wrote:
Carlos E. R. wrote:
"a bad ISP that (apparently) can't setup reverse DNS" - yes, we have one or two of those too. Not necessarily bad as such, more lazy and inexperienced staff. Same for the admin who chose them though. Well, it is the biggest, older, and most powerful ISP here, so not inexperienced. Being the biggest, oldest and/or the most powerful does not preclude being inexperienced or lazy :-(
They simply do not want to, or the channels to get such things working are not known or open. They actually refuse to set up reverse DNS for people who pay for a fixed IP ? The mind boggles.
Welcome to the real world... At least in the US. There is much to boggle the mind
Haha, too true. I frequently encourage new customers to get a reverse DNS mapping for their mailserver if they haven't - I also get to hear some horror stories. It's usually the bigger ISPs that are lazy (or incompetent), the smaller ones are much more nimble and service oriented.
I have business class service (necessary with my ISP to get fixed IP addresses... I have a block of 14) and their residential side mail servers reject email from my email server... And there IS a PTR record, but it doesn't match my domain.
I guess you have a /28 - has your provider actually refused to set up reverse DNS? -- Per Jessen, Zürich (21.6°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 04/15/2015 12:24 PM, Bruce Ferrell wrote:
At least in the US. There is much to boggle the mind
I have business class service (necessary with my ISP to get fixed IP addresses... I have a block of 14) and their residential side mail servers reject email from my email server... And there IS a PTR record, but it doesn't match my domain.
In fairness, this behaviour just started in the last week and it may be that some warm and wonderful human being has decided to become excessively pedantic or just plain made a mistake.
With many ISPs it's a bit more .... Difficult ... because it's a shared service. My domain, @antonaylward.com, is supported by Dreamhost. It has a proper DNS record and MX record :-) "dig" reports
;; ANSWER SECTION:
antonaylward.com. 3023 IN A 66.33.210.248
and
;; ANSWER SECTION:
antonaylward.com. 14399 IN MX 0 mx2.sub5.homie.mail.dreamhost.com.
antonaylward.com. 14399 IN MX 0 mx1.sub5.homie.mail.dreamhost.com.
And of course the store and forward works. But some MTUs are paranoid about spoofing and perform a forward-backward-forward check.
antonaylward.com -> 66.33.210.248
Now what does a reverse lookup of 66.33.210.248 give? If it's not "antonaylward.com" then something is wrong, someone is trying to spoof the domain! Well "OBVIOUSLY"!
;; ANSWER SECTION:
248.210.33.66.in-addr.arpa. 300 IN PTR apache2-pat.bellhop.dreamhost.com.
"OBVIOUSLY"!
Now I realise that if you have a dedicated service, either static IP or a very good DHCP+DNS, that is a different case. But nevertheless, your ISP may still have a different forward-backward-forward result. How paranoid do you want the global internet email service to be? How pedantic? This kind of 'security' might have been applicable from the beginning if everyone agreed, but that didn't happen and we have content based authentication, things like DKIM-Signatures, which the hackers seem to have mastered.
If I really want message security I'll use PGP. Zimmermann was a genius; I don't think PGP has been bettered. Many complain that it's too technical, but I don't think that's the case. The setup with Thunderbird under Linux is less complicated than looking up the address of MrOil in the phone book and driving there to get your oil changed and a 12-point inspection done.
If I want channel security that's another matter. Yes I can set up a VPN tunnel, but I still need DNS to find the address of the other end. DNS, properly functioning DNS, accurate and secure DNS is so essential to the functioning of the Internet.
Anton Aylward wrote:
But some MTUs are paranoid about spoofing and perform a forward-backward-forward check.
It's pretty standard actually - the MTA will do a reverse lookup, then a forward lookup. For one of your MX records:
208.113.200.127 => peon2454.g.dreamhost.com
peon2454.g.dreamhost.com => 208.113.200.127
Good.
antonaylward.com -> 66.33.210.248
As your domain has MX records, nobody is going to look at that entry in a context of mail delivery. Only if "antonaylward.com" had no MX records, would the MTA default to looking at that IP (as a potential mailserver). -- Per Jessen, Zürich (14.1°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
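The reverse-then-forward check described in the message above, as an added example that is not part of the original thread. It assumes an offline resolver table: the dreamhost pair is the lookup quoted in the thread, and every other name and address is constructed from documentation ranges.

```python
import ipaddress


def reverse_name(ip):
    """Name queried for the PTR record, e.g. 248.210.33.66.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


# Constructed resolver data so the example runs offline. Only the dreamhost
# pair comes from the thread; the rest is made up (192.0.2.0/24,
# 198.51.100.0/24 and 2001:db8::/32 are documentation ranges).
PTR = {
    reverse_name("208.113.200.127"): ["peon2454.g.dreamhost.com."],
    # Two PTR records on one address, only one of which resolves forward.
    reverse_name("192.0.2.11"): ["mail.example.org.", "old-name.example.org."],
    # PTR names a host whose address record points somewhere else.
    reverse_name("192.0.2.99"): ["mail.example.net."],
    reverse_name("2001:db8::25"): ["mx6.example.org."],
    # 192.0.2.200 deliberately has no PTR record.
}
ADDR = {
    "peon2454.g.dreamhost.com": ["208.113.200.127"],
    "mail.example.org": ["192.0.2.11"],
    "mail.example.net": ["198.51.100.7"],
    # Same address as 2001:db8::25, written in expanded form.
    "mx6.example.org": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
}


def lookup_ptr(ip):
    """PTR names for an address, normalised (no trailing dot, lower case)."""
    return [n.rstrip(".").lower() for n in PTR.get(reverse_name(ip), [])]


def lookup_addr(name):
    """A/AAAA addresses for a host name."""
    return ADDR.get(name.rstrip(".").lower(), [])


def fcrdns(client_ip):
    """Forward-confirmed reverse DNS for a connecting client address.

    Returns (verdict, confirmed_names). A PTR name counts only if one of its
    own address records is the connecting address. Addresses are compared as
    parsed values, not strings, so IPv6 spelling differences do not matter.
    The sender's mail domain plays no part in this check.
    """
    client = ipaddress.ip_address(client_ip)
    names = lookup_ptr(client_ip)
    if not names:
        return ("no-ptr", [])
    confirmed = [
        name for name in names
        if any(ipaddress.ip_address(a) == client for a in lookup_addr(name))
    ]
    if not confirmed:
        return ("unconfirmed", [])
    return ("pass", confirmed)


if __name__ == "__main__":
    for ip in ("208.113.200.127", "192.0.2.11", "192.0.2.99",
               "192.0.2.200", "2001:db8::25"):
        print(ip, reverse_name(ip), fcrdns(ip))
```

The 208.113.200.127 case passes even though the confirmed name is not antonaylward.com: the check ties the address to a host name, not to the domain in the envelope.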
On 04/16/2015 03:45 AM, Per Jessen wrote:
antonaylward.com -> 66.33.210.248 As your domain has MX records, nobody is going to look at that entry in a context of mail delivery. Only if "antonaylward.com" had no MX records, would the MTA default to looking at that IP (as a potential mailserver).
I think you are making - a quite reasonable but unsupportable - assumption there. It's that all MTAs will act the way you think they should. One strategy is this:
FIRST: If a site has an A record try delivering there. If there is no SMTP(s) port or if the exchange fails then ...
NEXT: If a site has a MX record then deliver to the MX address and let them worry about it. Hopefully it has an SMTP(s) port and is configured to store and forward
--------- OR --------
Start with the MX site.
So which do you think is the correct approach? I was brought up to the first, perhaps on the basis that some sites were poorly configured at the DNS level and didn't have or display MX. But this was back in the days of "open smtp" where it didn't matter, you could punt your email to any site (preferably on the backbone) and it would store-and-forward and, eventually, mail would get to its desired destination. Now we no longer have, thank you malicious agents, an open relay service :-(
Back in those days of old it was considered good practice to have your name servers geographically dispersed. The root name servers are. Different tectonic plates. Different electrical grids. Different backbone providers. Can you say "resilience"? Now we have this:
;; AUTHORITY SECTION:
rogers.com. 799 IN NS ns3.wlfdle.rnc.net.cable.rogers.com.
rogers.com. 799 IN NS ns2.ym.rnc.net.cable.rogers.com.
rogers.com. 799 IN NS ns2.wlfdle.rnc.net.cable.rogers.com.
rogers.com. 799 IN NS ns3.ym.rnc.net.cable.rogers.com.
Those are on just 2 subnets 64.71.246.x 24.153.22.x They both hang off the same sub-branch! What's the logic here?
Some years ago I dealt with an ISP in downtown Toronto. They had little to no UPS/DR capability. Their reasoning was that if they went down due to a power failure then so did all their clients since they were in the same building or the same city block/power-feed. You can see the failure in reasoning here?
I think Rogers have a similar line of reasoning; if their backbone goes down so does that of all their clients. So it's not an issue. But what of outsiders trying to send mail to rogers or rogers' clients such as myself? Personally I don't think the "try MX first" is a good strategy. Hmm. I should look up the RFCs and also see what Cricket has to say about it. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On Thu, 16 Apr 2015 09:27:52 -0400 Anton Aylward wrote:
Personally I don't think the "try MX first" is a good strategy.
Hi Anton ... am enjoying watching this thread. :-) Just a quick couple of comments here (from my work) ... I recently published a website by simply changing the A record IP address and was bitten by the Implicit MX rule: http://www.openspf.org/FAQ/Implicit_MX_rule Not explicitly designating mail exchangers effectively locks the routing of mail to the A record IP address. If you have no mail services running there, the sender will retry until the defined permanent delivery failure state is reached and sending just fails. At least, this is my experience. regards, Carl
Carl Hartung wrote:
Not explicitly designating mail exchangers effectively locks the routing of mail to the A record IP address. If you have no mail services running there, the sender will retry until the defined permanent delivery failure state is reached and sending just fails. At least, this is my experience.
Yup, that is how it works. Did it actually cause a problem for you? -- Per Jessen, Zürich (22.0°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On Thu, 16 Apr 2015 16:21:55 +0200 Per Jessen wrote:
Carl Hartung wrote:
Not explicitly designating mail exchangers effectively locks the routing of mail to the A record IP address. If you have no mail services running there, the sender will retry until the defined permanent delivery failure state is reached and sending just fails. At least, this is my experience.
Yup, that is how it works. Did it actually cause a problem for you?
Hi Per, Not for me ;-) but the customer's e-mail went offline for a few hours. My bad, since I assumed the MX records would be there and they weren't. regards, Carl
On 04/16/2015 09:54 AM, Carl Hartung wrote:
On Thu, 16 Apr 2015 09:27:52 -0400 Anton Aylward wrote:
Personally I don't think the "try MX first" is a good strategy.
Hi Anton ... am enjoying watching this thread. :-)
Just a quick couple of comments here (from my work) ... I recently published a website by simply changing the A record IP address and was bitten by the Implicit MX rule:
http://www.openspf.org/FAQ/Implicit_MX_rule
Not explicitly designating mail exchangers effectively locks the routing of mail to the A record IP address. If you have no mail services running there, the sender will retry until the defined permanent delivery failure state is reached and sending just fails. At least, this is my experience.
I don't find anything odd about that. In the early days of the 'net, say around 1990, there were many sites with just one machine, one A record. They had all the needed services running there. In fact one of the problems was that many vendors, not least of all the small systems vendors doing "UNIX for the PC" type thing shipped with ALL network services turned on, not just SMTP and Gopher (http was just emerging) but TFTP, TELNET, FTP and other ones that represented security issues. Sites were raw on the backbone, no firewalls to internal subnet, no IPtables, no IP filtering. Zone transfer was unsecured. Most SMTP servers were open so relaying wasn't a problem. We've shut down many of those problems, but not completely.
If your primary host, the one that the A record points to, did not then have SMTP running you couldn't receive mail. I would think that still holds today. If your MX record points to a proper mail-hub (that is, your domain has 'dedicated' machines (or addresses or names) for services such as www.xxx, smtp.xxx mail.xxx and so on) and they are configured for processing those protocols that is one thing. But MX doesn't mean that.
Back in the antediluvian days of DNS there were MD (mail destination) and MF (mail forwarder) records. MX combines the two. Sort of. There is no guarantee that MX means MD. I can quite reasonably have a MX record for a site in Australia: different tectonic plate, different power grid. If California, where @antonaylward.com is hosted, goes brown, mail to me will still be accepted and will, hopefully, get through when power/connectivity comes back. If California slides off into the pacific for good then I, along with many others, can get a new service, somewhere better landlocked perhaps, have the master records at the root servers reset and the mail queued for me in Australia will then be forwarded. This is pretty much how things were eventually conceived.
The idea of a real single host on the net without a SMTP server seems ... Strange. But then Microsoft and the PC came along. Gates had a different idea.
Let me repeat: There is no guarantee that a MX host is a mail processor rather than a mail forwarder. It might be a gateway. A hypothetical example: If I send mail to Joe.Blocks@hp.com that will end up at Joe.Blocks@rdlab14.faversham.uk.hpinternal.intranet And "hpinternal.intranet" is not addressable in any shape or form the Internet. Here we have a MX site for hp.com acting as a gateway to the private internal network.
Part of the matter here is that you don't know from the outside what the MX host is. It might be a destination. It might not. Your problem, I think, was having a primary host that couldn't process your mail when you turned off the MX hosts.
Oh, and there's no reason why a MX host couldn't have a sophisticated algorithm. My MX host in Australia in the hypothetical example above could, if another destination wasn't restored within 15 days, forward my email via SMS ... Or something. Or to an alternative account. Or something. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
Anton Aylward wrote:
If your primary host, the one that the A record points to, did not then have SMTP running you couldn't receive mail. I would think that still holds today.
It does not. -- Per Jessen, Zürich (19.7°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 04/16/2015 11:36 AM, Per Jessen wrote:
Anton Aylward wrote:
If your primary host, the one that the A record points to, did not then have SMTP running you couldn't receive mail. I would think that still holds today.
It does not.
Carl explicitly said that the MX were not there. You've deleted most of my response where I agreed with Carl's observation about the consequence of the "implicit MX" rule. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
Anton Aylward wrote:
On 04/16/2015 11:36 AM, Per Jessen wrote:
Anton Aylward wrote:
If your primary host, the one that the A record points to, did not then have SMTP running you couldn't receive mail. I would think that still holds today.
It does not.
Carl explicitly said that the MX were not there
You've deleted most of my response where I agreed with Carl's observation about the consequence of the "implicit MX" rule.
Sorry, I didn't realise the paragraphs were related. -- Per Jessen, Zürich (13.4°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
Anton Aylward wrote:
On 04/16/2015 03:45 AM, Per Jessen wrote:
antonaylward.com -> 66.33.210.248 As your domain has MX records, nobody is going to look at that entry in a context of mail delivery. Only if "antonaylward.com" had no MX records, would the MTA default to looking at that IP (as a potential mailserver).
I think you are making - a quite reasonable but unsupportable - assumption there. It's that all MTAs will act the way you think they should.
Actually if anything I am assuming all MTAs act according to the RFCs. Which I think is both reasonable and supportable. Any seriously non-compliant MTA won't exist for long - possibly with MS Exchange as one notable exception.
One strategy is this:
[snip]
--------- OR --------
Start with the MX site.
So which do you think is the correct approach?
I _know_ which one is correct - see RFC5321 and its predecessors. [big snip]
Personally I don't think the "try MX first" is a good strategy.
Um, see RFC5321, section 5.1 "Locating the Target Host": "The lookup first attempts to locate an MX record associated with the name." See also text concerning "implicit MX", it might interest you. -- Per Jessen, Zürich (21.6°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
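The lookup order from RFC 5321 section 5.1 cited above, including the implicit MX case discussed earlier in the thread, as an added example that is not part of the original messages. The MX names and the A record for antonaylward.com are the ones quoted in the thread; the MX hosts' addresses, the two `.example` domains and the set of listening addresses are constructed.

```python
# Constructed zone data so the example runs offline (documentation ranges
# 192.0.2.0/24 and 198.51.100.0/24 for every made-up address).
ZONE = {
    "antonaylward.com": {
        "MX": [(0, "mx2.sub5.homie.mail.dreamhost.com."),
               (0, "mx1.sub5.homie.mail.dreamhost.com.")],
        "A": ["66.33.210.248"],          # web host, never used for mail
    },
    "mx1.sub5.homie.mail.dreamhost.com": {"A": ["192.0.2.1"]},
    "mx2.sub5.homie.mail.dreamhost.com": {"A": ["192.0.2.2"]},
    # No MX at all: the A record becomes the implicit mail exchanger.
    "customer.example": {"A": ["198.51.100.80"]},
    # MX exists but its target has no address record.
    "broken.example": {"MX": [(10, "gone.broken.example.")],
                       "A": ["198.51.100.90"]},
}
# Constructed: addresses that answer on the SMTP port.
SMTP_LISTENERS = {"192.0.2.1", "192.0.2.2"}


def _norm(name):
    return name.rstrip(".").lower()


def locate_targets(domain, zone=ZONE):
    """Return (source, [(host, [addresses]), ...]) in delivery order.

    source is "mx" when the domain publishes MX records, "implicit-mx" when
    it publishes none and its own address record is used instead, and "none"
    when there is nothing to deliver to. Once any MX record exists, the
    domain's own A record is never used as a fallback.
    """
    records = zone.get(_norm(domain), {})
    mx = records.get("MX", [])
    if mx:
        targets = []
        # Lowest preference value first. Equal preferences are ordered by
        # name here to keep the output reproducible; a real sender is
        # expected to spread load across them instead.
        for _pref, host in sorted((p, _norm(h)) for p, h in mx):
            addrs = zone.get(host, {}).get("A", [])
            if addrs:
                targets.append((host, addrs))
        return ("mx", targets)
    addrs = records.get("A", [])
    if addrs:
        return ("implicit-mx", [(_norm(domain), addrs)])
    return ("none", [])


def first_accepting_host(domain, listeners=SMTP_LISTENERS, zone=ZONE):
    """Host that would take the message, or None if the sender must queue
    and retry until it gives up."""
    _source, targets = locate_targets(domain, zone)
    for host, addrs in targets:
        if any(a in listeners for a in addrs):
            return host
    return None


if __name__ == "__main__":
    for d in ("antonaylward.com", "customer.example", "broken.example"):
        print(d, locate_targets(d), first_accepting_host(d))
```

`customer.example` reproduces the outage described earlier in the thread: with no MX records the web server's address is the only target, nothing listens there, and mail queues until the sender gives up.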
On 04/16/2015 10:20 AM, Per Jessen wrote:
possibly with MS Exchange as one notable exception.
Indeed. Microsoft has a well established base of non RFC compliant programming. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 04/16/2015 10:20 AM, Per Jessen wrote:
Actually if anything I am assuming all MTAs act according to the RFCs.
HA HA HA VERY FUNNY! The earliest of the *822 series had many undefined areas that were subsequently tied down, step by step. (or 'attempts were made ...') The problem is that many vendors are 'compliant' but not with "N"822 where N>2 editions. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
On 04/16/2015 11:18 AM, Anton Aylward wrote:
On 04/16/2015 10:20 AM, Per Jessen wrote:
Actually if anything I am assuming all MTAs act according to the RFCs.
HA HA HA VERY FUNNY!
The earliest of the *822 series had many undefined areas that were subsequently tied down, step by step. (or 'attempts were made ...') The problem is that many vendors are 'compliant' but not with "N"822 where N>2 editions.
Sorry, make that *821 and subsequent
E.g.
Request for Comments: 2821 Obsoletes: 821, 974, 1869 April 2001 Updates: 1123
<quote> However, RFC 821 specifies some features that were not in significant use in the Internet by the mid-1990s and (in appendices) some additional transport models. </quote>
<quote> Usually, intermediate hosts are determined via the DNS MX record, </quote>
<quote> A relay SMTP server is usually the target of a DNS MX record that designates it, rather than the final delivery system. </quote>
<quote> It is important to note that MX records can point to SMTP servers which act as gateways into other environments, not just SMTP relays and final delivery systems; </quote>
Oh, wait a minute .....
2821 .... Obsoleted by: 5321 Updated by: 5336
RFC5321 has the same text as I quoted above.
-- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon?
Anton Aylward wrote:
On 04/16/2015 11:18 AM, Anton Aylward wrote:
On 04/16/2015 10:20 AM, Per Jessen wrote:
Actually if anything I am assuming all MTAs act according to the RFCs.
HA HA HA VERY FUNNY!
The earliest of the *822 series had many undefined areas that were subsequently tied down, step by step. (or 'attempts were made ...') The problem is that many vendors are 'compliant' but not with "N"822 where N>2 editions.
Sorry, make that *821 and subsequent
E.g.
Request for Comments: 2821 Obsoletes: 821, 974, 1869 April 2001 Updates: 1123
<quote> However, RFC 821 specifies some features that were not in significant use in the Internet by the mid-1990s and (in appendices) some additional transport models. </quote>
<quote> Usually, intermediate hosts are determined via the DNS MX record, </quote>
<quote> A relay SMTP server is usually the target of a DNS MX record that designates it, rather than the final delivery system. </quote>
<quote> It is important to note that MX records can point to SMTP servers which act as gateways into other environments, not just SMTP relays and final delivery systems; </quote>
Oh, wait a minute .....
2821 .... Obsoleted by: 5321 Updated by: 5336
RFC5321 has the same text as I quoted above.
I am missing your point, I think. -- Per Jessen, Zürich (19.0°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
Bruce Ferrell wrote:
I have business class service (necessary with my ISP to get fixed IP addresses... I have a block of 14) and their residential side mail servers reject email from my email server... And there IS a PTR record, but it doesn't match my domain.
In fairness, this behaviour just started in the last week
This sounds like a problem I ran into last week -- and your description, business class, sounds like Comcast? But I got this bounce last week:

The original message was received at Thu, 2 Apr 2015 13:09:34 -0700 from Athenae [192.168.4.12]

----- The following addresses had permanent fatal errors -----
<samba@lists.samba.org>
(reason: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [2601:9:6901:1000:226:b9ff:fe48:71e4])

----- Transcript of session follows -----
... while talking to mail.samba.org.:
DATA
<<< 450 4.7.1 Client host rejected: cannot find your reverse hostname, [2601:9:6901:1000:226:b9ff:fe48:71e4]
<samba@lists.samba.org>... Deferred: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [2601:9:6901:1000:226:b9ff:fe48:71e4]
<<< 554 5.5.1 Error: no valid recipients
Message could not be delivered for 5 days
Message will be deleted from queue

I've never had an IPv6 address. I haven't resent the message, I have reconfig'ed my kernel to be sure it doesn't talk ipv6, but I wonder if these symptoms are related. I *used* to have correct reverse-ipv4 lookup working, but have no clue why the samba lists would be trying to use an ipv6 address for lookup.
On 04/15/2015 02:26 PM, Linda Walsh wrote:
Bruce Ferrell wrote:
I have business class service (necessary with my ISP to get fixed IP addresses... I have a block of 14) and their residential side mail servers reject email from my email server... And there IS a PTR record, but it doesn't match my domain.
In fairness, this behaviour just started in the last week
This sounds like a problem I ran into last week -- and your description, business class, sounds like Comcast? But I got this bounce last week:
The original message was received at Thu, 2 Apr 2015 13:09:34 -0700 from Athenae [192.168.4.12]

----- The following addresses had permanent fatal errors -----
<samba@lists.samba.org>
(reason: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [2601:9:6901:1000:226:b9ff:fe48:71e4])

----- Transcript of session follows -----
... while talking to mail.samba.org.:
DATA
<<< 450 4.7.1 Client host rejected: cannot find your reverse hostname, [2601:9:6901:1000:226:b9ff:fe48:71e4]
<samba@lists.samba.org>... Deferred: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [2601:9:6901:1000:226:b9ff:fe48:71e4]
<<< 554 5.5.1 Error: no valid recipients
Message could not be delivered for 5 days
Message will be deleted from queue
I've never had an IPv6 address. I haven't resent the message, I have reconfig'ed my kernel to be sure it doesn't talk ipv6, but I wonder if these symptoms are related.
I *used* to have correct reverse-ipv4 lookup working, but have no clue why the samba lists would be trying to use an ipv6 address for lookup
Linda, you hit it dead on... I have no idea why, but I was trying to be nice to Comcast.

The comcast.net messages come back like this:

(reason: 554 resimta-po-09v.sys.comcast.net comcast 2601:9:280:d100:a6ba:dbff:fe1a:8a0a Comcast requires that... requirement. For more information, refer to: http://postmaster.comcast.net/smtp-error-codes.php#554)

----- Transcript of session follows -----
... while talking to mx2.comcast.net.:
<<< 554 resimta-ch2-24v.sys.comcast.net comcast 2601:9:280:d100:a6ba:dbff:fe1a:8a0a Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: http://postmaster.comcast.net/smtp-error-codes.php#554
... while talking to mx1.comcast.net.:
<<< 554 resimta-po-09v.sys.comcast.net comcast 2601:9:280:d100:a6ba:dbff:fe1a:8a0a Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: http://postmaster.comcast.net/smtp-error-codes.php#554
554 5.0.0 Service unavailable

And so far, it's ONLY comcast.net addresses. I have ipv6 disabled on my mailserver too.
Bruce Ferrell wrote:
And so far, it's ONLY comcast.net addresses. I have ipv6 disabled on my mailserver too.
----
It looks like the disabling of ipv4 in the kernel worked. Message went through to the samba list.

Note, I did NOT have an ipv6 config setup or assigned to go along with my IPv4 static address(es). I'm wondering if this is in any way related to the problems I had sending messages to Dell email addresses (though they had no mention of ipv6 addrs, just the failure to encrypt):

----- Transcript of session follows -----
<mailman@dell.com>... Deferred: 403 4.7.0 TLS handshake failed.
---

Am thinking this TLS might have been due to my mailserver's multiple identities (internal and external net addrs) and one of the internal addrs seemed to be getting used in sending outside mail). That happened while trying to debug some name resolution failures inside my home-net-domain from MS systems which started after their last update (and are still present, slowing everything down)... ARG!!! I hate this...
On 04/15/2015 06:41 PM, Linda Walsh wrote:
Note, I did NOT have an ipv6 config setup or assigned to go along with my IPv4 static address(es). I'm wondering if this is in any way related to the problems I had sending messages to Dell email addresses (though they had no mention of ipv6 addrs, just the failure to encrypt):
You don't have to configure IPv6, provided it's enabled. If your router sends out router advertisements, any IPv6 capable device will get an IPv6 address automagically. What does ifconfig show?
James Knott wrote:
On 04/15/2015 06:41 PM, Linda Walsh wrote:
Note, I did NOT have an ipv6 config setup or assigned to go along with my IPv4 static address(es). I'm wondering if this is in any way related to the problems I had sending messages to Dell email addresses (though they had no mention of ipv6 addrs, just the failure to encrypt):
You don't have to configure IPv6, provided it's enabled. If your router sends out router advertisements, any IPv6 capable device will get an IPv6 address automagically. What does ifconfig show?
Dig shows only an ipv4, which is how ifconfig is setup:

Ishtar:law> dig +trace tlinx.org
; <<>> DiG 9.9.2-P2 <<>> +trace tlinx.org
;; global options: +cmd
[...]
tlinx.org. 14400 IN A 173.164.175.65
tlinx.org. 14400 IN NS adns.cs.siteprotect.com.
tlinx.org. 14400 IN NS bdns.cs.siteprotect.com.
;; Received 99 bytes from 64.26.28.8#53(64.26.28.8) in 66 ms

Ishtar:law> ifconfig eth2
eth2 Link encap:Ethernet HWaddr 00:26:B9:48:71:E2
     inet addr:173.164.175.65 Bcast:0.0.0.0 Mask:255.255.255.248
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:402352830 errors:0 dropped:1899 overruns:0 frame:0
     TX packets:581740118 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:49470429637 (47178.6 Mb) TX bytes:767571165465 (732012.9 Mb)
On 04/16/2015 03:13 PM, Linda Walsh wrote:
You don't have to configure IPv6, provided it's enabled. If your router sends out router advertisements, any IPv6 capable device will get an IPv6 address automagically. What does ifconfig show?
Dig shows only an ipv4, which is how ifconfig is setup:
I was referring to your computer. What does ifconfig show? As I mentioned, you don't have to configure IPv6. It can be set up automagically. Unless you've disabled IPv6, you should at least have a link local IPv6 address, which starts with FE80. If Comcast has configured their routers appropriately, you may also have a public address or two.
James Knott wrote:
On 04/16/2015 03:13 PM, Linda Walsh wrote:
You don't have to configure IPv6, provided it's enabled. If your router sends out router advertisements, any IPv6 capable device will get an IPv6 address automagically. What does ifconfig show?
Dig shows only an ipv4, which is how ifconfig is setup:
I was referring to your computer. What does ifconfig show? As I mentioned, you don't have to configure IPv6. It can be set up automagically. Unless you've disabled IPv6, you should at least have a link local IPv6 address, which starts with FE80. If Comcast has configured their routers appropriately, you may also have a public address or two.
Sorry for the confusion, but the 'ifconfig' was at the end of the previous email (repeating here):

Ishtar:law> ifconfig eth2
eth2 Link encap:Ethernet HWaddr 00:26:B9:48:71:E2
     inet addr:173.164.175.65 Bcast:0.0.0.0 Mask:255.255.255.248
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:402352830 errors:0 dropped:1899 overruns:0 frame:0
     TX packets:581740118 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:49470429637 (47178.6 Mb) TX bytes:767571165465 (732012.9 Mb)
---
I included the dig as verification that my external 'addr' was the same as returned by 'dig'.

If I have a static IP (which I do), how would that be translated to ipv6?

I wouldn't be adverse to trying ipv6, but it seems that enabling it causes my static ipv4 address to be ignored -- is that how ipv6 is supposed to work?

I thought one of the ipv6 addresses had your ipv4 address embedded in it -- though I know that's not a requirement.

Still, if my MX host is ipv4 only, and if ipv6 is "auto-configured" -- how will that map to a static address used by the domain name?

I.e. -- when samba.org looked up my ipv6, there was no reverse-lookup set for the "auto-configured" addr.

I.e. if comcast configures their routers "appropriately", how will the generated ipv6 addresses get mapped to my static domain? How does ipv6 auto-configuration establish and maintain a fixed domain<=>addr mapping?

I thought a fixed-address precluded use of auto-config?
On 04/16/2015 04:57 PM, Linda Walsh wrote:
Sorry for the confusion, but the 'ifconfig' was at the end of the previous email (repeating here):
Ishtar:law> ifconfig eth2
eth2 Link encap:Ethernet HWaddr 00:26:B9:48:71:E2
     inet addr:173.164.175.65 Bcast:0.0.0.0 Mask:255.255.255.248
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:402352830 errors:0 dropped:1899 overruns:0 frame:0
     TX packets:581740118 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:49470429637 (47178.6 Mb) TX bytes:767571165465 (732012.9 Mb)
---
I included the dig as verification that my external 'addr' was the same as returned by 'dig'.
Are there any lines that start with "inet6 addr:"? If so, you should have one IPv6 address starting with FE80 and possibly one or more starting with 2.
If I have a static IP (which I do), how would that be translated to ipv6?
That would be whatever address you're assigned.
I wouldn't be adverse to trying ipv6, but it seems that enabling it causes my static ipv4 address to be ignored -- is that how ipv6 is supposed to work?
In general, if there's an IPv6 route to the destination, it will be preferred to IPv4.
I thought one of the ipv6 addresses had your ipv4 address embedded in it -- though I know that's not a requirement.
There are some transition mechanisms that may, but it's not a general rule. However, your MAC address is often included, with some modification.
Still, if my MX host is ipv4 only, and if ipv6 is "auto-configured" -- how will that map to a static address used by the domain name?
There are 4 different ways of getting an IPv6 address. There are static config and DHCP, as with IPv4. There are also addresses based on your MAC address or a random 64 bit number. However, with those two, the most significant 64 bits are generally provided by the router via a router advertisement.
I.e. -- when samba.org looked up my ipv6, there was no reverse-lookup set for the "auto-configured" addr.
I.e. if comcast configures their routers "appropriately", how will the generated ipv6 addresses get mapped to my static domain? How does ipv6 auto-configuration establish and maintain a fixed domain<=>addr mapping?
I thought a fixed-address precluded use of auto-config?
As I mentioned above, Comcast's router may advertise the prefix and your computer could use either MAC based or random number "private" addresses or both. On my home network, I have a Linux box configured as a router/firewall. I get my /56 prefix from a tunnel broker. That provides me with 2^72 addresses, which can be split into 256 /64 networks.
James Knott wrote:
On 04/16/2015 04:57 PM, Linda Walsh wrote:
Sorry for the confusion, but the 'ifconfig' was at the end of the previous email (repeating here):
Ishtar:law> ifconfig eth2
eth2 Link encap:Ethernet HWaddr 00:26:B9:48:71:E2
     inet addr:173.164.175.65 Bcast:0.0.0.0 Mask:255.255.255.248
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:402352830 errors:0 dropped:1899 overruns:0 frame:0
     TX packets:581740118 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:49470429637 (47178.6 Mb) TX bytes:767571165465 (732012.9 Mb)
---
I included the dig as verification that my external 'addr' was the same as returned by 'dig'.
Are there any lines that start with "inet6 addr:"? If so, you should have one IPv6 address starting with FE80 and possibly one or more starting with 2.
The above lines are all there is **now**. When I had the ipv6 email problems, my kernel had ipv6 enabled. Last kernel recompile to 3.19.3, I made sure to disable ipv6 -- so I know I don't have it now. Now, that same email to the samba list went through.
James Knott wrote:
If I have a static IP (which I do), how would that be translated to ipv6?
That would be whatever address you're assigned.
I wouldn't be adverse to trying ipv6, but it seems that enabling it causes my static ipv4 address to be ignored -- is that how ipv6 is supposed to work?
In general, if there's an IPv6 route to the destination, it will be preferred to IPv4.
Yes, it's controlled by /etc/gai.conf.
I thought one of the ipv6 addresses had your ipv4 address embedded in it -- though I know that's not a requirement.
There are some transition mechanisms that may, but it's not a general rule. However, your MAC address is often included, with some modification.
The openSUSE default is to use a random address (privacy extensions enabled), see /proc/sys/net/ipv6/conf/default/use_tempaddr
As I mentioned above, Comcast's router may advertise the prefix and your computer could use either MAC based or random number "private" addresses or both.
Yes, that sounds quite likely. Looking at the IPv6 address Linda posted earlier:

[2601:9:6901:1000:226:b9ff:fe48:71e4]

2601:9::/32 belongs to Comcast. The lower 64 bits look like they were SLAAC'ed (the ff:fe in the middle):

0226:b9ff:fe48:71e4 -> MAC addr = 00:26:b9:48:71:e4

- I would say that is one of the interfaces on Linda's Dell machine. (00:26:b9 = Dell)

Looks to me like Comcast is running IPv6 by default - good stuff. The real problem is the samba list server which really should not be rejecting IPv6 clients without reverse mapping.
-- Per Jessen, Zürich (13.5°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
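Added example, not part of the original thread: Python that pulls the client address out of the rejection lines quoted earlier, builds the ip6.arpa name a receiving server would query for the PTR record, and reverses the modified EUI-64 interface identifier to a MAC the way Per does by hand above. The function names are hypothetical; the addresses and the eth2 MAC are the ones posted in the thread.

```python
import ipaddress
import re

# Rejection lines copied from the two bounces quoted in this thread.
BOUNCE = (
    "<<< 450 4.7.1 Client host rejected: cannot find your reverse hostname, "
    "[2601:9:6901:1000:226:b9ff:fe48:71e4]\n"
    "<<< 554 resimta-po-09v.sys.comcast.net comcast "
    "2601:9:280:d100:a6ba:dbff:fe1a:8a0a Comcast requires that all mail servers "
    "must have a PTR record with a valid Reverse DNS entry.\n"
)
EXPECTED_V4 = "173.164.175.65"     # static address in the posted ifconfig output
ETH2_MAC = "00:26:b9:48:71:e2"     # HWaddr of eth2 in the same output


def client_addresses(text):
    """Return the distinct IP addresses that appear in SMTP rejection text."""
    found = []
    for token in re.split(r"[\s\[\]<>(),]+", text):
        try:
            addr = ipaddress.ip_address(token.strip("."))
        except ValueError:
            continue                # reply codes, hostnames, ordinary words
        if addr not in found:
            found.append(addr)
    return found


def eui64_mac(addr):
    """Recover the MAC from a modified EUI-64 interface identifier, else None."""
    addr = ipaddress.ip_address(addr)
    if addr.version != 6:
        return None
    iid = addr.packed[8:]                       # low 64 bits of the address
    if iid[3:5] != b"\xff\xfe":                 # marker inserted by EUI-64 expansion
        return None
    # Undo the universal/local bit flip on the first octet, drop the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def same_oui(mac_a, mac_b):
    """True when two MACs share the first three octets (same vendor block)."""
    return mac_a.lower()[:8] == mac_b.lower()[:8]


def diagnose(text, expected_v4=EXPECTED_V4):
    """Describe each address the receiving server reported seeing."""
    report = []
    for addr in client_addresses(text):
        report.append({
            "seen_by_receiver": str(addr),
            "family": f"IPv{addr.version}",
            "is_expected_address": str(addr) == expected_v4,
            "ptr_name": addr.reverse_pointer,   # name that needs a PTR record
            "slaac_mac": eui64_mac(addr),
        })
    return report


if __name__ == "__main__":
    for entry in diagnose(BOUNCE):
        print(entry)
```

For the first address the recovered MAC differs from eth2's HWaddr only in the last octet, which fits Per's reading that the mail left through another interface of the same machine.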
On 04/17/2015 02:32 AM, Per Jessen wrote:
The openSUSE default is to use a random address (privacy extensions enabled), see /proc/sys/net/ipv6/conf/default/use_tempaddr
Actually, that doesn't work on my system. There's even a bug report about it.
James Knott wrote:
On 04/17/2015 02:32 AM, Per Jessen wrote:
The openSUSE default is to use a random address (privacy extensions enabled), see /proc/sys/net/ipv6/conf/default/use_tempaddr
Actually, that doesn't work on my system. There's even a bug report about it.
Really? It works fine here on various systems (12.3, 13.1 and 13.2). Do you happen to have the bug# ? -- Per Jessen, Zürich (13.9°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
On 04/17/2015 08:32 AM, Per Jessen wrote:
James Knott wrote:
On 04/17/2015 02:32 AM, Per Jessen wrote:
The openSUSE default is to use a random address (privacy extensions enabled), see /proc/sys/net/ipv6/conf/default/use_tempaddr Actually, that doesn't work on my system. There's even a bug report about it. Really? It works fine here on various systems (12.3, 13.1 and 13.2). Do you happen to have the bug# ?
/proc/sys/net/ipv6/conf/default/use_tempaddr I'm on 13.1 and still don't have a temporary address. I used to with earlier versions. IIRC, it works OK when the KDE network manager is used.
On 04/17/2015 09:51 AM, James Knott wrote:
On 04/17/2015 08:32 AM, Per Jessen wrote:
James Knott wrote:
On 04/17/2015 02:32 AM, Per Jessen wrote:
The openSUSE default is to use a random address (privacy extensions enabled), see /proc/sys/net/ipv6/conf/default/use_tempaddr Actually, that doesn't work on my system. There's even a bug report about it. Really? It works fine here on various systems (12.3, 13.1 and 13.2). Do you happen to have the bug# ?
/proc/sys/net/ipv6/conf/default/use_tempaddr
I'm on 13.1 and still don't have a temporary address. I used to with earlier versions. IIRC, it works OK when the KDE network manager is used.
Sorry, I included the wrong cut 'n paste https://bugzilla.opensuse.org/show_bug.cgi?id=916045
James Knott wrote:
On 04/17/2015 09:51 AM, James Knott wrote:
On 04/17/2015 08:32 AM, Per Jessen wrote:
James Knott wrote:
On 04/17/2015 02:32 AM, Per Jessen wrote:
The openSUSE default is to use a random address (privacy extensions enabled), see /proc/sys/net/ipv6/conf/default/use_tempaddr Actually, that doesn't work on my system. There's even a bug report about it. Really? It works fine here on various systems (12.3, 13.1 and 13.2). Do you happen to have the bug# ?
/proc/sys/net/ipv6/conf/default/use_tempaddr
I'm on 13.1 and still don't have a temporary address. I used to with earlier versions. IIRC, it works OK when the KDE network manager is used.
I have a temp addr even on 10.3. I doubt if the network manager is involved much - all of my office desktops have a random address, and none of them use network manager.
Sorry, I included the wrong cut 'n paste https://bugzilla.opensuse.org/show_bug.cgi?id=916045
Okay, so it's not that use_tempaddr=2 doesn't work, but that you're having trouble setting it? On my latest 13.2, it's the default, so need to touch it. -- Per Jessen, Zürich (13.4°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 04/17/2015 10:45 AM, Per Jessen wrote:
I have a temp addr even on 10.3. I doubt if the network manager is involved much - all of my office desktops have a random address, and none of them use network manager.
Sorry, I included the wrong cut 'n paste https://bugzilla.opensuse.org/show_bug.cgi?id=916045 Okay, so it's not that use_tempaddr=2 doesn't work, but that you're having trouble setting it? On my latest 13.2, it's the default, so need to touch it.
As I mentioned, it used to work with earlier versions. So, something has changed to cause it to fail now. I have no idea what though. It may work on 13.2, but I don't run it. Also, the same thing has occurred on 3 different computers.
James Knott wrote:
On 04/17/2015 10:45 AM, Per Jessen wrote:
I have a temp addr even on 10.3. I doubt if the network manager is involved much - all of my office desktops have a random address, and none of them use network manager.
Sorry, I included the wrong cut 'n paste https://bugzilla.opensuse.org/show_bug.cgi?id=916045 Okay, so it's not that use_tempaddr=2 doesn't work, but that you're having trouble setting it? On my latest 13.2, it's the default, so need to touch it.
As I mentioned, it used to work with earlier versions. So, something has changed to cause it to fail now. I have no idea what though. It may work on 13.2, but I don't run it. Also, the same thing has occurred on 3 different computers.
But which bit is it that doesn't work - a) setting use_tempaddr=2 or b) getting a tempaddr when it use_tempaddr=2 ? For me, (b) works fine on 12.3, 13.1 and 13.2, and I have not had reason to play with (a) as it is the default. Is your use_tempaddr value somehow being changed? -- Per Jessen, Zürich (13.1°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland.
On 04/17/2015 11:15 AM, Per Jessen wrote:
But which bit is it that doesn't work -
a) setting use_tempaddr=2
or
b) getting a tempaddr when it use_tempaddr=2 ?
For me, (b) works fine on 12.3, 13.1 and 13.2, and I have not had reason to play with (a) as it is the default. Is your use_tempaddr value somehow being changed?
tempaddr is set to 2, but I don't get a temp address. I am not doing anything to change that value. How else would it be changed? It used to work, but not with 13.1
On 04/16/2015 04:57 PM, Linda Walsh wrote:
I wouldn't be adverse to trying ipv6
One thing you can try is ipv6.google.com. If you can get there, you're running IPv6. You can also try test-ipv6.com.
On 04/16/2015 04:57 PM, Linda Walsh wrote:
I wouldn't be adverse to trying ipv6
One suggestion, if the only problem you're experiencing is that mail list, then perhaps you could create an entry in your hosts file for it, containing only the IPv4 address.

You really should be using IPv6 when possible. It's the way the "net" is going and Comcast is doing a lot to promote it. IIRC, they will be providing IPv4 via NAT for most customers.

IPv6 brings a lot of benefits, beyond more addresses. For example, things like security and multicast are done much better and the fixed length IP header makes routing more efficient. IPv6 uses extension headers, rather than the variable length headers of IPv4. In addition to improving routing, it also allows stacking headers, rather than trying to stuff all options into the variable length IPv4 header. One example of this is in tunnelling. To get my IPv6 tunnel, I use 6in4 tunnelling. Doing this required creating a special IP header with protocol #41. To tunnel IPv4 in IPv6, you just use the next header feature, with IPv4 as the next header. There are a lot more benefits.

As I mentioned earlier, I have 2^72 IPv6 addresses all to myself. That's about a trillion times the entire IPv4 address space. Some people advocate giving /48 prefixes (2^80) to everyone. There are enough of those that everyone on earth could have well over 4000 of them. So, no more need to stretch addresses with NAT etc.

BTW, all of my 2^72 addresses can be static, if I wish. I have a /56 prefix (in fact, 256 /64s) assigned to me and I can create addresses within it, using static configuration, DHCP, random number or MAC based. It's entirely my choice.

You may have noticed some discussion between me and Per Jessen about random number "privacy" addresses. These are generated every few hours and were created because some people were worried about MAC based addresses being used to track which computer the traffic came from. With privacy addresses, your address for outgoing connections changes periodically. You'd still use the MAC based address if you had a server, for example, that must be reached via a fixed address. You can even have both running at the same time.

If you want to learn about IPv6, I highly recommend the book "IPv6 Essentials" from O'Reilly http://shop.oreilly.com/product/0636920023432.do
On 04/14/2015 11:51 PM, Per Jessen wrote:
Being the biggest, oldest and/or the most powerful does not preclude being inexperienced or lazy :-(
They simply do not want to, or the channels to get such things working are not known or open.
They actually refuse to set up reverse DNS for people who pay for a fixed IP ? The mind boggles.
I have watched these threads on the reverse DNS since it was suggested that my mail server, Comcast.com, may not have a PTR record with a valid reverse DNS entry. I spent a lot of time in image processing, and am net illiterate. All I am trying to do is join a couple of the other openSuse mailing lists. How is it that this opensuse list can communicate with me and the other lists are bounced? It appears that if they did what this list does, all would be happy. Please explain what needs to be done and by whom. Thanks Don
participants (10)
- Anton Aylward
- Bruce Ferrell
- Carl Hartung
- Carlos E. R.
- David C. Rankin
- don fisher
- James Knott
- jdd
- Linda Walsh
- Per Jessen