DNS failures or rejections vs. mail.ispmail.de

alento · August 14, 2021, 3:50pm

Doing dome more digging I am finding that 2 of the 3 DNS servers her domain is using are not replying.


; <<>> DiG 9.16.1-Ubuntu <<>> @ns1.ngate.de laura-baxter.com MX
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

accounting@do-ny2:~$ dig @ns3.ngate.de laura-baxter.com MX

; <<>> DiG 9.16.1-Ubuntu <<>> @ns3.ngate.de laura-baxter.com MX
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

accounting@do-ny2:~$ dig @ns2.ngate.de laura-baxter.com MX

; <<>> DiG 9.16.1-Ubuntu <<>> @ns2.ngate.de laura-baxter.com MX
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33381
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 9
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 940ed4d52522f33128d4c42b6117e583efcbad2dc31816a4 (good)
;; QUESTION SECTION:
;laura-baxter.com.		IN	MX

;; ANSWER SECTION:
laura-baxter.com.	28800	IN	MX	50 mail.ispmail.de.

;; AUTHORITY SECTION:
laura-baxter.com.	28800	IN	NS	ns3.ngate.de.
laura-baxter.com.	28800	IN	NS	ns1.ngate.de.
laura-baxter.com.	28800	IN	NS	ns2.ngate.de.

;; ADDITIONAL SECTION:
ns2.ngate.de.		28800	IN	AAAA	2001:41d0:701:1100::19d2
mail.ispmail.de.	28800	IN	A	195.185.212.46
mail.ispmail.de.	28800	IN	A	62.26.12.182
mail.ispmail.de.	28800	IN	A	62.26.12.183
mail.ispmail.de.	28800	IN	A	195.185.212.45
ns1.ngate.de.		28800	IN	A	195.185.212.176
ns2.ngate.de.		28800	IN	A	51.68.175.53
ns3.ngate.de.		28800	IN	A	62.26.12.231

;; Query time: 83 msec
;; SERVER: 2001:41d0:701:1100::19d2#53(2001:41d0:701:1100::19d2)
;; WHEN: Sat Aug 14 15:47:16 UTC 2021
;; MSG SIZE  rcvd: 304

And notice, that the one lookup which was successful was via IPv6. Interesting. At this point, I am suspecting her DNS as being a part of the issue, if not the entire issue. Of the three name servers only one has an AAAA record.

I did these lookups from a Digital Ocean server. Off to check them from a BuyVM server, just because. Ok, no issues.

I am suspecting that the name servers being ran by ngate.de are blocking requests from DO IPv4 IP ranges.

@cliff1976 Do you have IPv6 enabled on your MiaB server?