Different DNS servers give me different answers

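I cannot receive email at "jslawglobe.com". For some emails, it always works. For others, it takes luck.

After investigating with one of the sender emails for which it does not work: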

nslookup -type=MX jslawglobe.com 

Returns:

Server:  dns.google
Address:  8.8.8.8
*** dns.google can't find jslawglobe.com: Server failed

The strangest thing is that on my own laptop:

nslookup -type=MX jslawglobe.com

Returns:

Server:  G3100.myfiosgateway.com
Address:  192.168.1.1

Non-authoritative answer:
jslawglobe.com  MX preference = 10, mail exchanger = alt4.aspmx.l.google.com
jslawglobe.com  MX preference = 10, mail exchanger = alt3.aspmx.l.google.com
jslawglobe.com  MX preference = 5, mail exchanger = alt2.aspmx.l.google.com
jslawglobe.com  MX preference = 5, mail exchanger = alt1.aspmx.l.google.com
jslawglobe.com  MX preference = 1, mail exchanger = aspmx.l.google.com

But the command:

nslookup -type=MX jslawglobe.com  8.8.8.8

Returns:

Server:  dns.google  
Address:  8.8.8.8
 
*** dns.google can't find jslawglobe.com: Server failed

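Why do the 2 DNS servers give me such different answers? This is not temporary; it has been like this for at least a week, but quite possibly for 4 months.

Answer 1

Usually when I run into this kind of error, it is because the target DNS has broken DNSSEC records.

(This is the log line written by a bind instance)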

Sep 19 20:17:07 ZZZZZ named[14371]: validating jslawglobe.com/MX: got insecure response; parent indicates it should be secure

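This time is no exception.

jslawglobe.com needs to contact whoever maintains its DNS records and have them fix this.

Answer 2

After digging deeper, I found out the following (see the comments under the original question).

Some DNS resolvers return status: SERVFAIL

jslawglobe.com has a signed delegation from the com zone, but there is no DNSKEY record on its NS, so the DNSSEC configuration is broken. As a result, some DNS resolvers ignore the broken DNSSEC and respond, while other DNS resolvers do not ignore it and do not respond.

You need to configure DNSSEC at your DNS registrar or disable the signed delegation.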

dig NS +additional jslawglobe.com. @8.8.4.4
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> NS +additional jslawglobe.com. @8.8.4.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20791
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;jslawglobe.com.            IN  NS

;; Query time: 26 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Tue Sep 20 12:32:49 2022
;; MSG SIZE  rcvd: 32


AdGuard (CY):
dig NS +additional jslawglobe.com. @94.140.14.14
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> NS +additional jslawglobe.com. @94.140.14.14
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27191
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;jslawglobe.com.            IN  NS

;; Query time: 1 msec
;; SERVER: 94.140.14.14#53(94.140.14.14)
;; WHEN: Tue Sep 20 12:32:49 2022
;; MSG SIZE  rcvd: 32
AT&T (US):
dig NS +additional jslawglobe.com. @165.87.13.129
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> NS +additional jslawglobe.com. @165.87.13.129
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44457
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 12

;; QUESTION SECTION:
;jslawglobe.com.            IN  NS

;; ANSWER SECTION:
jslawglobe.com.     86400   IN  NS  kehlani.ns.cloudflare.com.
jslawglobe.com.     86400   IN  NS  quinton.ns.cloudflare.com.

;; ADDITIONAL SECTION:
kehlani.ns.cloudflare.com. 78728 IN A   108.162.194.223
kehlani.ns.cloudflare.com. 78728 IN A   162.159.38.223
kehlani.ns.cloudflare.com. 78728 IN A   172.64.34.223
quinton.ns.cloudflare.com. 164999 IN    A   172.64.35.249
quinton.ns.cloudflare.com. 164999 IN    A   108.162.195.249
quinton.ns.cloudflare.com. 164999 IN    A   162.159.44.249
kehlani.ns.cloudflare.com. 78728 IN AAAA    2a06:98c1:50::ac40:22df
kehlani.ns.cloudflare.com. 78728 IN AAAA    2606:4700:50::a29f:26df
kehlani.ns.cloudflare.com. 78728 IN AAAA    2803:f800:50::6ca2:c2df
quinton.ns.cloudflare.com. 164999 IN    AAAA    2606:4700:58::a29f:2cf9
quinton.ns.cloudflare.com. 164999 IN    AAAA    2803:f800:50::6ca2:c3f9
quinton.ns.cloudflare.com. 164999 IN    AAAA    2a06:98c1:50::ac40:23f9

;; Query time: 41 msec
;; SERVER: 165.87.13.129#53(165.87.13.129)
;; WHEN: Tue Sep 20 12:32:49 2022
;; MSG SIZE  rcvd: 354

com. zone

dig DS +additional +multiline +dnssec jslawglobe.com. @e.gtld-servers.net.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> DS +additional +multiline +dnssec jslawglobe.com. @e.gtld-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5877
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 14, ADDITIONAL: 27
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;jslawglobe.com.        IN DS

;; ANSWER SECTION:
jslawglobe.com.     86400 IN DS 49211 8 2 (
                EEE39935BA7E61FFAD077F04F6877495B659B1295712
                B2A67BD03F470EFE0F2F )
jslawglobe.com.     86400 IN RRSIG DS 8 2 86400 20220927052146 (
                20220920041146 32298 com.
                qGgZ3u9IGoNHnN3z6o6yuW2LHh7iyjvEgICFWUI98ZGU
                Si+/drWBe0nmZOiQAGQRtUAE71lbbCloZ1R6y585PTJW
                Z+1aC5k40/bNVP/gi9nWmrSWSFAzupXmbZ5yEgSxFT5z
                1b5Pvrhg9DnE2xteTaaQJMPJT6Wx+YOQm7qawji2Q54u
                xc2wto57Vpv84wmq1NWjM/Ed5g9FmVa5NB9mDg== )

jslawglobe.com. name servers

dig DNSKEY +additional +multiline +dnssec jslawglobe.com. @kehlani.ns.cloudflare.com.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> DNSKEY +additional +multiline +dnssec jslawglobe.com. @kehlani.ns.cloudflare.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9460
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; QUESTION SECTION:
;jslawglobe.com.        IN DNSKEY

;; AUTHORITY SECTION:
jslawglobe.com.     3600 IN SOA kehlani.ns.cloudflare.com. dns.cloudflare.com. (
                2286759303 ; serial
                10000      ; refresh (2 hours 46 minutes 40 seconds)
                2400       ; retry (40 minutes)
                604800     ; expire (1 week)
                3600       ; minimum (1 hour)
                )

;; Query time: 3 msec
;; SERVER: 172.64.34.223#53(172.64.34.223)
;; WHEN: Tue Sep 20 12:27:16 2022
;; MSG SIZE  rcvd: 105
dig DNSKEY +additional +multiline +dnssec jslawglobe.com. @quinton.ns.cloudflare.com.
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> DNSKEY +additional +multiline +dnssec jslawglobe.com. @quinton.ns.cloudflare.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31849
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; QUESTION SECTION:
;jslawglobe.com.        IN DNSKEY

;; AUTHORITY SECTION:
jslawglobe.com.     3600 IN SOA kehlani.ns.cloudflare.com. dns.cloudflare.com. (
                2286759303 ; serial
                10000      ; refresh (2 hours 46 minutes 40 seconds)
                2400       ; retry (40 minutes)
                604800     ; expire (1 week)
                3600       ; minimum (1 hour)
                )

;; Query time: 3 msec
;; SERVER: 172.64.35.249#53(172.64.35.249)
;; WHEN: Tue Sep 20 12:27:16 2022
;; MSG SIZE  rcvd: 105


https://www.cyberciti.biz/faq/unix-linux-test-and-validate-dnssec-using-dig-command-line/

https://metebalci.com/blog/a-minimum-complete-tutorial-of-dnssec/

https://dnsviz.net/d/jslawglobe.com/dnssec/

https://dnssec-analyzer.verisignlabs.com/jslawglobe.com
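
The check this answer performs by hand, as an added example (not part of the original answer): it parses dig text output, compares the DS query at the parent with the DNSKEY query at the child, and relates each resolver's status code to the result. The function names are hypothetical, and the sample input is trimmed from the dig transcripts above.

```python
import re

# Sample inputs: dig transcripts from the answer above, trimmed to the lines used here.
PARENT_DS = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5877
;; ANSWER SECTION:
jslawglobe.com.     86400 IN DS 49211 8 2 (
                EEE39935BA7E61FFAD077F04F6877495B659B1295712
jslawglobe.com.     86400 IN RRSIG DS 8 2 86400 20220927052146 (
"""
CHILD_DNSKEY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9460
;; AUTHORITY SECTION:
jslawglobe.com.     3600 IN SOA kehlani.ns.cloudflare.com. dns.cloudflare.com. (
"""
RESOLVER_8844 = ";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20791\n"
RESOLVER_ATT = ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44457\n"

def parse_dig(text):
    """Return (status, [record types in the ANSWER section]) from dig output."""
    m = re.search(r"status: (\w+)", text)
    status, types, in_answer = (m.group(1) if m else None), [], False
    for line in text.splitlines():
        if line.startswith(";"):
            if "SECTION:" in line:
                in_answer = line.startswith(";; ANSWER SECTION")
            continue
        fields = line.split()
        # Record lines are "owner TTL IN type ..."; indented lines continue a record.
        if in_answer and len(fields) >= 4 and not line[0].isspace() and fields[2] == "IN":
            types.append(fields[3])
    return status, types

def delegation_state(parent_ds_out, child_dnskey_out):
    """Compare the DS query at the parent with the DNSKEY query at the child."""
    has_ds = "DS" in parse_dig(parent_ds_out)[1]
    has_dnskey = "DNSKEY" in parse_dig(child_dnskey_out)[1]
    if not has_ds:
        return "insecure"  # unsigned delegation, nothing to validate
    # "signed" only means both records exist; digests and signatures are not checked.
    return "signed" if has_dnskey else "bogus"  # DS promises keys the child lacks

def resolver_behaviour(resolver_out, state):
    """Relate a resolver's status code to the delegation state (an inference)."""
    status = parse_dig(resolver_out)[0]
    if state == "bogus":
        return "validating" if status == "SERVFAIL" else "not validating"
    return "no conclusion"

if __name__ == "__main__":
    state = delegation_state(PARENT_DS, CHILD_DNSKEY)
    print(state, resolver_behaviour(RESOLVER_8844, state), resolver_behaviour(RESOLVER_ATT, state))
```
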

Answer 3

Google DNS may check whether the TXT records contain an entry called SPF (inside TXT).

Look up SPF records in Google Search. There are many articles and good tutorials.
