Letsencrypt expired, and dns errors


#81

I will be traveling as well today…

I do have a DNS override setting on OpnSense, so that an internal PC accessing box… gets an internal IP in the response, not a public IP. In essence, it is a kind of alternative to NAT reflection?


#82

https://dablog.informafix.net/204
NAT Reflection employs some simple bouncing daemons to redirect the connections, which works but isn’t always desirable, or even functional for some scenarios. Usually, split DNS is the better way if it is possible on your network. Both are explained here.


#83

Will try a test at a later time though… thanks


#84

Maybe. I’d try that, or another option, if opnSense has it, is to drop the MiaB into a DMZ. pfSense calls it 1to1 NAT. I have 5 public IPs, so I have played around with it, but prefer to keep MiaB on the same vlan as my other VMs.

Just responding to your last message here as well. I know NAT Reflection is a poor way to do this and split DNS is better, but I have it working good enough. Maybe someday I’ll dig down and try out split DNS, but this MiaB serves some of my clients’ email domains, and I try not to break stuff too often :)

Oh, I was digging around and noticed I had made some changes to the DNS server on pfSense to forward DNS queries onto my upstream DNS servers. I remember I had issues with getting VMs on the same vlan to resolve my public domain if that is not enabled.


#85

My MAIB is on the DMZ…


#86

Ok. The only thing left is the NAT Reflection or split DNS. Let’s go down that road and see if that gets you fixed up.


#87

Hi cwilkins,

I tried both PureNAT on/off and still saw nothing changed… Here are some tcpdump captures on two boxes (MAIB at DMZ and OPNsense) taken while I was doing the CERT renew. Any thoughts?

BTW, I have my domain registrar set up properly for my glue records (ns1.box.f2f10.com and ns2.box.f2f10.com), and in the registrar’s web panel my name servers are correctly set to the ones mentioned above. My reverse domain record is set up properly with my ISP as well…

sudo mailinabox/management/ssl_certificates.py
No TLS certificates could be provisoned at this time:

box.f2f10.com: DNS isn’t configured properly for this domain: DNS resolution failed (A: All nameservers failed to answer the query box.f2f10.com. IN A: Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered SERVFAIL).
f2f10.com: DNS isn’t configured properly for this domain: DNS resolution failed (A: All nameservers failed to answer the query f2f10.com. IN A: Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered SERVFAIL).
www.f2f10.com: DNS isn’t configured properly for this domain: DNS resolution failed (A: All nameservers failed to answer the query www.f2f10.com. IN A: Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered SERVFAIL).
voicestream.ca: DNS isn’t configured properly for this domain: DNS resolution failed (A: All nameservers failed to answer the query voicestream.ca. IN A: Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered SERVFAIL).
www.voicestream.ca: DNS isn’t configured properly for this domain: DNS resolution failed (A: All nameservers failed to answer the query www.voicestream.ca. IN A: Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered SERVFAIL).

box.f2f10.com
DNS on Loopback 0:

14:53:49.897119 IP 127.0.0.1.56631 > 127.0.0.1.53: 8270+ A? f2f10.com. (27)
14:53:51.998808 IP 127.0.0.1.53845 > 127.0.0.1.53: 8270+ A? f2f10.com. (27)
14:53:54.200989 IP 127.0.0.1.38228 > 127.0.0.1.53: 8270+ A? f2f10.com. (27)
14:53:56.603322 IP 127.0.0.1.44520 > 127.0.0.1.53: 8270+ A? f2f10.com. (27)
14:53:59.406473 IP 127.0.0.1.46305 > 127.0.0.1.53: 8270+ A? f2f10.com. (27)
14:53:59.897718 IP 127.0.0.1.53 > 127.0.0.1.53845: 8270 ServFail 0/0/0 (27)
14:53:59.897717 IP 127.0.0.1.53 > 127.0.0.1.56631: 8270 ServFail 0/0/0 (27)
14:53:59.897720 IP 127.0.0.1.53 > 127.0.0.1.44520: 8270 ServFail 0/0/0 (27)
14:53:59.897869 IP 127.0.0.1.53 > 127.0.0.1.46305: 8270 ServFail 0/0/0 (27)

box.f2f10.com
DNS on Ethernet 0:

14:53:49.897409 IP 192.168.140.253.45629 > 76.10.176.225.53: 40627% [1au] A? f2f10.com. (38)
14:53:51.192216 IP 54.167.185.145.61736 > 192.168.140.253.53: 22712 [1au] A? www.f2f10.com. (42)
14:53:51.192328 IP 192.168.140.253.53 > 54.167.185.145.61736: 22712*- 1/2/3 A 76.10.176.225 (130)
14:53:56.647208 IP 158.85.81.120.6712 > 192.168.140.253.53: 13551+ TXT CHAOS? VERSION.BIND. (30)
14:53:56.647406 IP 192.168.140.253.53 > 158.85.81.120.6712: 13551 Refused- 0/0/0 (30)
14:53:58.897799 IP 192.168.140.253.62067 > 76.10.176.225.53: 16608% [1au] A? f2f10.com. (38)
14:53:59.900157 IP 192.168.140.253.53137 > 76.10.176.225.53: 55422% [1au] A? www.f2f10.com. (42)
14:54:08.900470 IP 192.168.140.253.37633 > 76.10.176.225.53: 54663% [1au] A? www.f2f10.com. (42)
14:54:09.902460 IP 192.168.140.253.39619 > 76.10.176.225.53: 57244% [1au] A? box.f2f10.com. (42)
14:54:18.902811 IP 192.168.140.253.22322 > 76.10.176.225.53: 34147% [1au] A? box.f2f10.com. (42)

OpnSense DMZ interface DNS:

@trumpwall:~ # tcpdump -ni em0_vlan140 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0_vlan140, link-type EN10MB (Ethernet), capture size 262144 bytes
14:55:26.616497 IP 192.168.140.253.59223 > 76.10.176.225.53: 44979% [1au] A? box.f2f10.com. (42)
14:55:35.616853 IP 192.168.140.253.22293 > 76.10.176.225.53: 56757% [1au] A? box.f2f10.com. (42)
14:55:36.619410 IP 192.168.140.253.29647 > 76.10.176.225.53: 23992% [1au] A? f2f10.com. (38)
14:55:45.619602 IP 192.168.140.253.28552 > 76.10.176.225.53: 12108% [1au] A? f2f10.com. (38)

OpnSense WAN interface DNS:

@trumpwall:~ # tcpdump -ni pppoe0 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pppoe0, link-type NULL (BSD loopback), capture size 262144 bytes
14:56:27.742206 IP 76.10.176.225.56208 > 76.10.176.225.53: 23266% [1au] A? box.f2f10.com. (42)
14:56:27.748276 IP 76.10.176.225.56208 > 76.10.176.225.53: 23266% [1au] A? box.f2f10.com. (42)
14:56:27.748309 IP 76.10.176.225.56208 > 192.168.140.253.53: 23266% [1au] A? box.f2f10.com. (42)
14:56:36.742519 IP 76.10.176.225.15432 > 76.10.176.225.53: 24657% [1au] A? box.f2f10.com. (42)
14:56:36.748737 IP 76.10.176.225.15432 > 76.10.176.225.53: 24657% [1au] A? box.f2f10.com. (42)
14:56:36.748769 IP 76.10.176.225.15432 > 192.168.140.253.53: 24657% [1au] A? box.f2f10.com. (42)
14:56:37.744877 IP 76.10.176.225.28624 > 76.10.176.225.53: 20378% [1au] A? www.f2f10.com. (42)
14:56:37.750720 IP 76.10.176.225.28624 > 76.10.176.225.53: 20378% [1au] A? www.f2f10.com. (42)
14:56:37.750757 IP 76.10.176.225.28624 > 192.168.140.253.53: 20378% [1au] A? www.f2f10.com. (42)
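
The captures in the post above show DNS queries sent from inside the firewall to the box's own public address, 76.10.176.225, with no reply at the capture point. The script below is an added example, not part of the original post or of Mail-in-a-Box: it pairs tcpdump DNS queries with their replies and lists what stayed unanswered. The function names and the `inside_ips` parameter are assumptions of this example; the sample lines and addresses are copied from the captures above.

```python
import re

# Sample lines copied from the captures in the post above
# (box eth0 capture, plus one line from the OPNsense WAN capture).
CAPTURE = """\
14:53:49.897409 IP 192.168.140.253.45629 > 76.10.176.225.53: 40627% [1au] A? f2f10.com. (38)
14:53:51.192216 IP 54.167.185.145.61736 > 192.168.140.253.53: 22712 [1au] A? www.f2f10.com. (42)
14:53:51.192328 IP 192.168.140.253.53 > 54.167.185.145.61736: 22712*- 1/2/3 A 76.10.176.225 (130)
14:53:56.647208 IP 158.85.81.120.6712 > 192.168.140.253.53: 13551+ TXT CHAOS? VERSION.BIND. (30)
14:53:56.647406 IP 192.168.140.253.53 > 158.85.81.120.6712: 13551 Refused- 0/0/0 (30)
14:53:58.897799 IP 192.168.140.253.62067 > 76.10.176.225.53: 16608% [1au] A? f2f10.com. (38)
14:53:59.900157 IP 192.168.140.253.53137 > 76.10.176.225.53: 55422% [1au] A? www.f2f10.com. (42)
14:56:27.742206 IP 76.10.176.225.56208 > 76.10.176.225.53: 23266% [1au] A? box.f2f10.com. (42)
"""

# "TIME IP src.port > dst.port: TXID<flags and payload>" as printed by tcpdump -n.
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<txid>\d+)(?P<rest>.*)$"
)
# Queries carry "TYPE? name." (optionally "TYPE CLASS? name."); replies do not.
QUESTION = re.compile(r"(?P<qtype>[A-Z0-9]+)(?: [A-Z]+)?\? (?P<qname>\S+)")
# tcpdump prints the response code only when it is not NoError.
RCODE = re.compile(r"\s*(ServFail|Refused|NXDomain|FormErr|NotImp)")


def parse(capture):
    """Yield one dict per DNS line; TCP segments and header lines are skipped."""
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rec = m.groupdict()
        q = QUESTION.search(rec["rest"])
        rec["is_query"] = q is not None
        if q:
            rec["qtype"], rec["qname"] = q.group("qtype"), q.group("qname")
        else:
            rc = RCODE.match(rec["rest"])
            rec["rcode"] = rc.group(1) if rc else "NoError"
        yield rec


def classify(capture, public_ip, inside_ips):
    """Pair queries with replies and report what never got an answer.

    public_ip  -- address the zone's nameservers point to (the glue record IP)
    inside_ips -- source addresses that sit behind the same firewall (assumption:
                  the box's DMZ address and the firewall's own WAN address)
    """
    pending = {}  # (client, cport, server, sport, txid) -> first query seen
    errors = []
    for rec in parse(capture):
        if rec["is_query"]:
            key = (rec["src"], rec["sport"], rec["dst"], rec["dport"], rec["txid"])
            pending.setdefault(key, rec)
        else:
            # A reply travels the reverse path with the same transaction id.
            key = (rec["dst"], rec["dport"], rec["src"], rec["sport"], rec["txid"])
            pending.pop(key, None)
            if rec["rcode"] != "NoError":
                errors.append((rec["ts"], rec["src"], rec["rcode"]))
    hairpin, other = [], []
    for q in pending.values():
        # An inside host asking its own public address needs NAT reflection
        # (or split DNS) to get anywhere; flag those separately.
        looped = q["dst"] == public_ip and q["src"] in inside_ips
        (hairpin if looped else other).append((q["ts"], q["src"], q["qtype"], q["qname"]))
    return {"hairpin_unanswered": hairpin, "other_unanswered": other, "error_replies": errors}


if __name__ == "__main__":
    result = classify(CAPTURE, "76.10.176.225", {"192.168.140.253", "76.10.176.225"})
    for kind, rows in result.items():
        print(kind)
        for row in rows:
            print("   ", *row)
```

On the sample, every unanswered query is one aimed at 76.10.176.225 from behind the firewall, while the query from an outside client (54.167.185.145) is answered normally.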


#88

here’s a snip of the ssl renew code…

    # Warn the user about domains hosted elsewhere.
    if not force_domains and show_extended_problems:
            for domain in set(get_web_domains(env, exclude_dns_elsewhere=False)) - set(get_web_domains(env)):
                    problems[domain] = "The domain's DNS is pointed elsewhere, so there is no point to installing$

    # Filter out domains that we can't provision a certificate for.
    def can_provision_for_domain(domain):
            from status_checks import normalize_ip

            # Does the domain resolve to this machine in public DNS? If not,
            # we can't do domain control validation. If IPv6 is configured,
            # make sure both IPv4 and IPv6 are correct because we don't know
            # how Let's Encrypt will connect.
            import dns.resolver
            for rtype, value in [("A", env["PUBLIC_IP"]), ("AAAA", env.get("PUBLIC_IPV6"))]:
                    if not value: continue # IPv6 is not configured
                    try:
                            # Must make the qname absolute to prevent a fall-back lookup with a
                            # search domain appended, by adding a period to the end.
                            response = dns.resolver.query(domain + ".", rtype)
                    except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer) as e:
                            problems[domain] = "DNS isn't configured properly for this domain: DNS resolution fai$
                            return False
                    except Exception as e:
                            problems[domain] = "DNS isn't configured properly for this domain: DNS lookup had an $

I do have IPv6 disabled on OpnSense… Will this be a problem?


#89

What does this do exactly? Check whether my MAIB is behind NAT or not?

    except (dns.resolver.NoNameservers, dns.resolver.NXDOMAIN, dns.resolver.NoAnswer) as e:
            problems[domain] = "DNS isn't configured properly for this domain: DNS resolution fai$
            return False
    except Exception as e:
            problems[domain] = "DNS isn't configured properly for this domain: DNS lookup had an $


#90

on OpnSense box
@box:~$ sudo /mailinabox/management/status_checks.py

System

✖ SSH Login (ssh) is running but is not publicly accessible at 76.10.176.225:22.
✖ Public DNS (nsd4) is not running (port 53).
✖ Incoming Mail (SMTP/postfix) is running but is not publicly accessible at 76.10.176.225:25.
✖ Outgoing Mail (SMTP 587/postfix) is running but is not publicly accessible at 76.10.176.225:587.
✖ IMAPS (dovecot) is running but is not publicly accessible at 76.10.176.225:993.
✖ Mail Filters (Sieve/dovecot) is running but is not publicly accessible at 76.10.176.225:4190.
✖ HTTP Web (nginx) is running but is not publicly accessible at 76.10.176.225:80.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
✖ HTTPS Web (nginx) is running but is not publicly accessible at 76.10.176.225:443.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
✓ SSH disallows password-based login.
✓ System software is up to date.
? Mail-in-a-Box version check disabled by privacy setting.
✓ System administrator address exists as a …
✓ The disk has 164.31 GB space remaining.
✓ System memory is 97% free.

Network

✓ Firewall is active.
✓ Outbound mail (SMTP port 25) is not blocked.
✓ IP address is not blacklisted by zen.spamhaus.org.

box.f2f10.com

✖ Nameserver glue records are incorrect. The ns1.box.f2f10.com and ns2.box.f2f10.com nameservers must be configured at your domain name registrar as having the IP address 76.10.176.225. They
currently report addresses of [Not Set]/[Not Set]. It may take several hours for public DNS to update after a change.
✖ This domain must resolve to your box’s IP address (76.10.176.225) in public DNS but it currently resolves to [Not Set]. It may take several hours for public DNS to update after a change. This
problem may result from other issues listed above.
✓ Reverse DNS is set correctly at ISP. [76.10.176.225 ↦ box.f2f10.com]
✓ Hostmaster contact address exists as a mail alias. …
✓ Domain’s email is directed to this domain. [box.f2f10.com has no MX record, which is ok]
✓ Postmaster contact address exists as a mail alias. …
✓ Domain is not blacklisted by dbl.spamhaus.org.
✖ The TLS (SSL) certificate has a problem: The certificate has expired or is not yet valid. It is valid from 2017-09-13 06:02:00 to 2017-12-12 06:02:00.

f2f10.com

✖ The nameservers set on this domain are incorrect. They are currently [Not Set]. Use your domain name registrar’s control panel to set the nameservers to ns1.box.f2f10.com; ns2.box.f2f10.com.
✖ This domain’s DNS MX record is not set. It should be ‘10 box.f2f10.com’. Mail will not be delivered to this box. It may take several hours for public DNS to update after a change. This problem
may result from other issues listed here.
✓ Domain is not blacklisted by dbl.spamhaus.org.
✖ This domain should resolve to your box’s IP address (A 76.10.176.225) if you would like the box to serve webmail or a website on this domain. The domain currently resolves to [Not Set] in
public DNS. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.
? This domain’s DNSSEC DS record is not set. The DS record is optional. The DS record activates DNSSEC. To set a DS record, you must follow the instructions provided by your domain name registrar
and provide to them this information:

Key Tag: 60585
Key Flags: KSK
Algorithm: 7 / RSASHA1-NSEC3-SHA1
Digest Type: 2 / SHA-256
Digest: 2052282b2999d0937749f7d2241d7acf6bbc4504ae9045a9020d7abffc2b5ab3
Public Key:

AwEAAdMypof8r0AsRFZBRWDmW6/DFdDAr5uyYYslbb3x2c5PWST8nrZQU3+Pr8q/KafBTrlrLFOiE2LLHkXqmdwYmM/ChEjblutn4n9lUVua2ni90RRif+/qdzJpk5d1zJXsNuTvYv7O41Ikk9kVhvRgKW+2surM8Q6IEiKdvtAdBKinZVDwRJvpXvebRBnZ5GYV58e+Khf6YCTUC1PGXck5ULsTHy0MBUtAvyZ/qFRo2B7d17lfoNw9cK10at8AGSvr2WZNEUkWiaaf2yF+zNoHgmB41P8pUfGxPGCS/4G/zDWvUMX8RrBwJj63XGUVHR/AAnrhedh7q/1h2ayD1blM5+k=

Bulk/Record Format:
f2f10.com. 3600 IN DS 60585 7 2 2052282b2999d0937749f7d2241d7acf6bbc4504ae9045a9020d7abffc2b5ab3


#91

on openwrt box
@box:~$ sudo mailinabox/management/status_checks.py

System

✖ SSH Login (ssh) is running but is not publicly accessible at 76.10.176.225:22.
✖ Outgoing Mail (SMTP 587/postfix) is running but is not publicly accessible at 76.10.176.225:587.
✖ IMAPS (dovecot) is running but is not publicly accessible at 76.10.176.225:993.
✖ Mail Filters (Sieve/dovecot) is running but is not publicly accessible at 76.10.176.225:4190.
✓ SSH disallows password-based login.
✓ System software is up to date.
? Mail-in-a-Box version check disabled by privacy setting.
✓ System administrator address exists as a mail alias. [administrator@box.f2f10.com ↦ co-traveler@f2f10.com]
✓ The disk has 164.30 GB space remaining.
✓ System memory is 97% free.

Network

✓ Firewall is active.
✓ Outbound mail (SMTP port 25) is not blocked.
✓ IP address is not blacklisted by zen.spamhaus.org.

box.f2f10.com

✓ Nameserver glue records are correct at registrar. [ns1/ns2.box.f2f10.com ↦ 76.10.176.225]
✓ Domain resolves to box’s IP address. [box.f2f10.com ↦ 76.10.176.225]
✓ Reverse DNS is set correctly at ISP. [76.10.176.225 ↦ box.f2f10.com]
✓ The DANE TLSA record for incoming mail is correct (_25._tcp.box.f2f10.com).
✓ Hostmaster contact address exists as a mail alias. [hostmaster@box.f2f10.com ↦ administrator@box.f2f10.com]
✓ Domain’s email is directed to this domain. [box.f2f10.com ↦ 10 box.f2f10.com]
✓ Postmaster contact address exists as a mail alias. [postmaster@box.f2f10.com ↦ administrator@box.f2f10.com]
✓ Domain is not blacklisted by dbl.spamhaus.org.
✖ The TLS (SSL) certificate has a problem: The certificate has expired or is not yet valid. It is valid from 2017-09-13 06:02:00 to 2017-12-12 06:02:00.

f2f10.com

✓ Nameservers are set correctly at registrar. [ns1.box.f2f10.com; ns2.box.f2f10.com]
✓ Domain’s email is directed to this domain. [f2f10.com ↦ 10 box.f2f10.com]
✓ Domain is not blacklisted by dbl.spamhaus.org.
✓ Domain resolves to this box’s IP address. [f2f10.com ↦ 76.10.176.225]
✖ The TLS (SSL) certificate has a problem: The certificate has expired or is not yet valid. It is valid from 2017-09-13 06:02:00 to 2017-12-12 06:02:00.
? This domain’s DNSSEC DS record is not set. The DS record is optional. The DS record activates DNSSEC. To set a DS record, you must follow the instructions provided by your domain name registrar
and provide to them this information:

Key Tag: 60585
Key Flags: KSK
Algorithm: 7 / RSASHA1-NSEC3-SHA1
Digest Type: 2 / SHA-256
Digest: 2052282b2999d0937749f7d2241d7acf6bbc4504ae9045a9020d7abffc2b5ab3
Public Key:

AwEAAdMypof8r0AsRFZBRWDmW6/DFdDAr5uyYYslbb3x2c5PWST8nrZQU3+Pr8q/KafBTrlrLFOiE2LLHkXqmdwYmM/ChEjblutn4n9lUVua2ni90RRif+/qdzJpk5d1zJXsNuTvYv7O41Ikk9kVhvRgKW+2surM8Q6IEiKdvtAdBKinZVDwRJvpXvebRBnZ5GYV58e+Khf6YCTUC1PGXck5ULsTHy0MBUtAvyZ/qFRo2B7d17lfoNw9cK10at8AGSvr2WZNEUkWiaaf2yF+zNoHgmB41P8pUfGxPGCS/4G/zDWvUMX8RrBwJj63XGUVHR/AAnrhedh7q/1h2ayD1blM5+k=

Bulk/Record Format:
f2f10.com. 3600 IN DS 60585 7 2 2052282b2999d0937749f7d2241d7acf6bbc4504ae9045a9020d7abffc2b5ab3


#92

now, on openWRT, we can provision TLS certificate
@box:~$ sudo /home/devnull/mailinabox/management/ssl_certificates.py

A TLS certificate was requested for: box.f2f10.com, f2f10.com, www.f2f10.com, voicestream.ca, www.voicestream.ca.
We have to wait 60 seconds for the certificate to be issued…
We have to wait 50 seconds for the certificate to be issued…
We have to wait 40 seconds for the certificate to be issued…
We have to wait 30 seconds for the certificate to be issued…
We have to wait 20 seconds for the certificate to be issued…
We have to wait 10 seconds for the certificate to be issued…

  • Stopping Postfix Mail Transport Agent postfix
    …done.
  • Starting Postfix Mail Transport Agent postfix
    …done.
    dovecot stop/waiting
    dovecot start/running, process 6127
  • Reloading nginx configuration nginx
    …done.
    A TLS certificate was successfully installed for box.f2f10.com, f2f10.com, www.f2f10.com, voicestream.ca, www.voicestream.ca.

#93

Correct tcpdump on openwrt while doing "mailinabox/management/status_checks.py "

root@TorWrt:/home/devnull# tcpdump -ni pppoe-wan port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pppoe-wan, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
06:25:10.528668 IP 76.10.176.225.32986 > 192.5.5.241.53: 56486% [1au] A? aspmx.l.google.com. (47)
06:25:10.528785 IP 76.10.176.225.51844 > 192.5.5.241.53: 54716% [1au] NS? . (28)
06:25:10.529057 IP 76.10.176.225.26728 > 192.5.5.241.53: 551% [1au] AAAA? aspmx.l.google.com. (47)
06:25:10.535619 IP 192.5.5.241.53 > 76.10.176.225.32986: 56486- 0/15/27 (1178)
06:25:10.536046 IP 192.5.5.241.53 > 76.10.176.225.51844: 54716*- 14/0/27 NS i.root-servers.net., NS k.root-servers.net., NS f.root-servers.net., NS h.root-servers.net., NS b.root-servers.net., NS j.root-servers.net., NS l.root-servers.net., NS a.root-servers.net., NS m.root-servers.net., NS d.root-servers.net., NS g.root-servers.net., NS e.root-servers.net., NS c.root-servers.net., RRSIG (1097)
06:25:10.536295 IP 192.5.5.241.53 > 76.10.176.225.26728: 551- 0/15/27 (1178)
06:25:10.536689 IP 76.10.176.225.29624 > 192.48.79.30.53: 63279% [1au] A? aspmx.l.google.com. (47)
06:25:10.536975 IP 76.10.176.225.45377 > 192.228.79.201.53: 9344% [1au] DNSKEY? . (28)
06:25:10.537108 IP 76.10.176.225.36272 > 192.48.79.30.53: 31089% [1au] AAAA? aspmx.l.google.com. (47)
06:25:10.558855 IP 76.10.176.225.9062 > 8.8.8.8.53: 54307+ A? safebrowsing.googleapis.com. (45)
06:25:10.558986 IP 76.10.176.225.9062 > 8.8.4.4.53: 54307+ A? safebrowsing.googleapis.com. (45)
06:25:10.581800 IP 192.48.79.30.53 > 76.10.176.225.36272: 31089- 0/8/5 (668)
06:25:10.582579 IP 76.10.176.225.35440 > 216.239.36.10.53: 34492% [1au] AAAA? aspmx.l.google.com. (47)
06:25:10.589517 IP 8.8.4.4.53 > 76.10.176.225.9062: 54307 1/0/0 A 172.217.1.10 (61)
06:25:10.591534 IP 8.8.8.8.53 > 76.10.176.225.9062: 54307 1/0/0 A 172.217.0.234 (61)
06:25:10.600778 IP 192.48.79.30.53 > 76.10.176.225.29624: 63279- 0/8/5 (668)
06:25:10.601581 IP 76.10.176.225.59053 > 216.239.36.10.53: 52833% [1au] A? aspmx.l.google.com. (47)
06:25:10.609064 IP 192.228.79.201.53 > 76.10.176.225.45377: 9344*- 5/0/1 DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG (1414)
06:25:10.615525 IP 216.239.36.10.53 > 76.10.176.225.35440: 34492*- 1/0/0 AAAA 2607:f8b0:4001:c19::1b (64)
06:25:10.616061 IP 76.10.176.225.57397 > 192.33.4.12.53: 9078% [1au] DS? com. (32)
06:25:10.634783 IP 216.239.36.10.53 > 76.10.176.225.59053: 52833*- 1/0/0 A 74.125.70.26 (52)
06:25:10.636267 IP 192.33.4.12.53 > 76.10.176.225.57397: 9078*- 2/0/1 DS, RRSIG (367)
06:25:10.637254 IP 76.10.176.225.59060 > 192.36.148.17.53: 39823% [1au] DS? google.com. (39)
06:25:10.664060 IP 192.36.148.17.53 > 76.10.176.225.59060: 39823- 0/15/27 (1170)
06:25:10.664861 IP 76.10.176.225.38459 > 192.12.94.30.53: 41959% [1au] DS? google.com. (39)
06:25:10.690057 IP 192.12.94.30.53 > 76.10.176.225.38459: 41959*- 0/6/1 (760)
06:25:10.690756 IP 76.10.176.225.12082 > 192.54.112.30.53: 60969% [1au] DNSKEY? com. (32)
06:25:10.754035 IP 192.54.112.30.53 > 76.10.176.225.12082: 60969*- 3/0/1 DNSKEY, DNSKEY, RRSIG (743)
06:25:10.788373 IP 76.10.176.225.23024 > 199.7.83.42.53: 17716% [1au] A? 225.176.10.76.zen.spamhaus.org. (59)
06:25:10.813738 IP 199.7.83.42.53 > 76.10.176.225.23024: 17716- 0/9/13 (832)
06:25:10.814772 IP 76.10.176.225.8601 > 199.19.54.1.53: 4714% [1au] A? 225.176.10.76.zen.spamhaus.org. (59)
06:25:10.889292 IP 199.19.54.1.53 > 76.10.176.225.8601: 4714- 0/8/7 (773)
06:25:10.890129 IP 76.10.176.225.62993 > 162.159.24.35.53: 54181% [1au] A? 225.176.10.76.zen.spamhaus.org. (59)
06:25:10.890246 IP 76.10.176.225.53450 > 198.41.0.4.53: 29562% [1au] A? ns20.ja.net. (40)
06:25:10.912624 IP 198.41.0.4.53 > 76.10.176.225.53450: 29562- 0/15/27 (1168)
06:25:10.913493 IP 76.10.176.225.11097 > 192.43.172.30.53: 41752% [1au] A? ns20.ja.net. (40)
06:25:10.916520 IP 162.159.24.35.53 > 76.10.176.225.62993: 54181- 0/20/1 (382)
06:25:10.917222 IP 76.10.176.225.62392 > 162.159.25.27.53: 41836% [1au] A? 0.ns.spamhaus.org. (46)
06:25:10.917338 IP 76.10.176.225.57818 > 162.159.25.27.53: 58890% [1au] A? 2.ns.spamhaus.org. (46)
06:25:10.917426 IP 76.10.176.225.60024 > 162.159.25.27.53: 61437% [1au] A? 3.ns.spamhaus.org. (46)
06:25:10.917510 IP 76.10.176.225.35973 > 162.159.25.27.53: 14129% [1au] A? 4.ns.spamhaus.org. (46)
06:25:10.917594 IP 76.10.176.225.34190 > 162.159.25.27.53: 8858% [1au] A? 5.ns.spamhaus.org. (46)
06:25:10.917678 IP 76.10.176.225.5144 > 162.159.25.27.53: 17555% [1au] A? 7.ns.spamhaus.org. (46)
06:25:10.917763 IP 76.10.176.225.6328 > 162.159.25.27.53: 41997% [1au] A? 8.ns.spamhaus.org. (46)
06:25:10.917848 IP 76.10.176.225.2076 > 162.159.25.27.53: 43137% [1au] A? b.ns.spamhaus.org. (46)
06:25:10.917931 IP 76.10.176.225.28666 > 162.159.25.27.53: 37072% [1au] A? c.ns.spamhaus.org. (46)
06:25:10.918015 IP 76.10.176.225.29398 > 162.159.25.27.53: 51486% [1au] A? d.ns.spamhaus.org. (46)
06:25:10.918100 IP 76.10.176.225.49129 > 162.159.25.27.53: 11537% [1au] A? f.ns.spamhaus.org. (46)
06:25:10.918187 IP 76.10.176.225.4060 > 162.159.25.27.53: 48855% [1au] A? k.ns.spamhaus.org. (46)
06:25:10.918271 IP 76.10.176.225.30346 > 162.159.25.27.53: 29011% [1au] A? g.ns.spamhaus.org. (46)
06:25:10.918354 IP 76.10.176.225.54260 > 162.159.25.27.53: 46687% [1au] A? h.ns.spamhaus.org. (46)
06:25:10.918437 IP 76.10.176.225.59936 > 162.159.25.27.53: 53778% [1au] A? o.ns.spamhaus.org. (46)
06:25:10.918519 IP 76.10.176.225.26159 > 162.159.25.27.53: 20900% [1au] A? i.ns.spamhaus.org. (46)
06:25:10.918604 IP 76.10.176.225.39034 > 162.159.25.27.53: 11559% [1au] A? q.ns.spamhaus.org. (46)
06:25:10.918688 IP 76.10.176.225.39823 > 162.159.25.27.53: 23203% [1au] A? r.ns.spamhaus.org. (46)
06:25:10.918781 IP 76.10.176.225.41576 > 162.159.25.27.53: 36994% [1au] A? t.ns.spamhaus.org. (46)
06:25:10.918867 IP 76.10.176.225.35144 > 162.159.25.27.53: 50105% [1au] A? x.ns.spamhaus.org. (46)
06:25:10.923783 IP 162.159.25.27.53 > 76.10.176.225.57818: 58890*- 6/0/1 A 61.152.158.148, A 123.125.50.94, A 220.181.15.89, A 52.79.110.70, A 45.32.36.96, A 52.193.25.66 (142)
06:25:10.924004 IP 162.159.25.27.53 > 76.10.176.225.62392: 41836*- 15/0/1 A 68.71.33.14, A 43.245.61.150, A 186.202.136.35, A 193.190.148.15, A 193.74.22.152, A 209.222.201.140, A 209.6.82.10, A 143.215.143.4, A 185.5.138.232, A 194.104.0.140, A 85.94.194.12, A 213.81.185.73, A 129.143.4.184, A 85.25.14.252, A 193.190.148.145 (286)
06:25:10.924101 IP 162.159.25.27.53 > 76.10.176.225.60024: 61437*- 3/0/1 A 43.245.61.150, A 202.157.163.236, A 52.74.79.56 (94)
06:25:10.924157 IP 162.159.25.27.53 > 76.10.176.225.35973: 14129*- 2/0/1 A 35.154.147.207, A 139.59.48.139 (78)
06:25:10.924253 IP 162.159.25.27.53 > 76.10.176.225.5144: 17555*- 2/0/1 A 196.37.250.59, A 169.239.182.57 (78)
06:25:10.924494 IP 162.159.25.27.53 > 76.10.176.225.34190: 8858*- 3/0/1 A 41.215.240.213, A 193.182.144.157, A 213.236.56.133 (94)
06:25:10.924586 IP 162.159.25.27.53 > 76.10.176.225.6328: 41997*- 2/0/1 A 52.62.94.197, A 45.32.245.97 (78)
06:25:10.924755 IP 76.10.176.225.35510 > 123.125.50.94.53: 8810% [1au] A? 225.176.10.76.zen.spamhaus.org. (59)
06:25:10.924781 IP 162.159.25.27.53 > 76.10.176.225.2076: 43137*- 4/0/1 A 194.104.0.140, A 193.190.148.15, A 193.74.22.152, A 193.190.148.145 (110)
06:25:10.924841 IP 162.159.25.27.53 > 76.10.176.225.29398: 51486*- 7/0/1 A 213.81.185.73, A 217.160.177.94, A 212.77.104.11, A 129.143.4.184, A 145.239.25.182, A 89.188.72.138, A 37.235.56.240 (158)
06:25:10.924916 IP 162.159.25.27.53 > 76.10.176.225.28666: 37072*- 6/0/1 A 89.45.233.104, A 46.246.28.116, A 45.32.182.8, A 138.68.119.104, A 193.10.252.13, A 78.153.204.30 (142)
06:25:10.924971 IP 162.159.25.27.53 > 76.10.176.225.4060: 48855*- 3/0/1 A 54.233.122.54, A 143.106.2.74, A 186.202.136.35 (94)
06:25:10.925014 IP 162.159.25.27.53 > 76.10.176.225.49129: 11537*- 5/0/1 A 164.132.90.161, A 217.70.178.43, A 151.236.23.137, A 104.238.191.78, A 85.25.14.252 (126)
06:25:10.925075 IP 162.159.25.27.53 > 76.10.176.225.59936: 53778*- 3/0/1 A 209.239.113.84, A 45.77.193.2, A 143.215.143.4 (94)
06:25:10.925128 IP 162.159.25.27.53 > 76.10.176.225.54260: 46687*- 6/0/1 A 185.5.138.232, A 193.219.81.138, A 213.183.54.108, A 195.80.109.86, A 148.81.197.185, A 185.110.56.130 (142)
06:25:10.925252 IP 162.159.25.27.53 > 76.10.176.225.30346: 29011*- 4/0/1 A 85.217.170.32, A 147.102.226.131, A 194.68.44.148, A 185.65.206.162 (110)
06:25:10.925343 IP 162.159.25.27.53 > 76.10.176.225.26159: 20900*- 4/0/1 A 178.209.52.139, A 193.2.1.39, A 147.123.241.117, A 85.94.194.12 (110)
06:25:10.925487 IP 162.159.25.27.53 > 76.10.176.225.39034: 11559*- 3/0/1 A 171.66.2.21, A 209.148.113.38, A 50.22.152.254 (94)
06:25:10.925579 IP 162.159.25.27.53 > 76.10.176.225.41576: 36994*- 7/0/1 A 45.76.8.81, A 192.95.56.15, A 209.222.201.140, A 209.6.82.10, A 207.172.85.190, A 74.91.116.184, A 68.71.33.14 (158)
06:25:10.925652 IP 162.159.25.27.53 > 76.10.176.225.39823: 23203*- 1/0/1 A 66.33.204.14 (62)
06:25:10.925744 IP 162.159.25.27.53 > 76.10.176.225.35144: 50105*- 3/0/1 A 207.178.119.13, A 67.22.190.5, A 108.168.155.183 (94)
06:25:10.958058 IP 192.43.172.30.53 > 76.10.176.225.11097: 41752- 0/9/11 (845)
06:25:10.958989 IP 76.10.176.225.11762 > 192.58.128.30.53: 22771% [1au] A? ns1.surfnet.nl. (43)
06:25:10.959111 IP 76.10.176.225.56092 > 128.86.1.20.53: 37979% [1au] A? ns20.ja.net. (40)
06:25:11.047836 IP 128.86.1.20.53 > 76.10.176.225.56092: 37979*- 1/5/15 A 194.82.174.6 (760)
06:25:11.224617 IP 192.58.128.30.53 > 76.10.176.225.11762: 22771- 0/10/17 (907)
06:25:11.225414 IP 76.10.176.225.61577 > 213.154.241.85.53: 19120% [1au] A? ns1.surfnet.nl. (43)
06:25:11.235026 IP 123.125.50.94.53 > 76.10.176.225.35510: 8810 NXDomain*- 0/1/0 (112)
06:25:11.235771 IP 76.10.176.225.61668 > 128.63.2.53.53: 53538% [1au] DS? org. (32)
06:25:11.235885 IP 76.10.176.225.33650 > 128.63.2.53.53: 57172% [1au] NS? . (28)
06:25:11.270051 IP 128.63.2.53.53 > 76.10.176.225.33650: 57172*- 14/0/27 NS a.root-servers.net., NS b.root-servers.net., NS c.root-servers.net., NS d.root-servers.net., NS e.root-servers.net., NS f.root-servers.net., NS g.root-servers.net., NS h.root-servers.net., NS i.root-servers.net., NS j.root-servers.net., NS k.root-servers.net., NS l.root-servers.net., NS m.root-servers.net., RRSIG (1097)
06:25:11.270261 IP 128.63.2.53.53 > 76.10.176.225.61668: 53538*- 3/0/1 DS, DS, RRSIG (403)
06:25:11.271130 IP 76.10.176.225.24584 > 193.0.14.129.53: 15034% [1au] DS? spamhaus.org. (41)
06:25:11.315295 IP 193.0.14.129.53 > 76.10.176.225.24584: 15034- 0/9/13 (856)
06:25:11.316065 IP 76.10.176.225.20931 > 199.249.112.1.53: 24195% [1au] DS? spamhaus.org. (41)
06:25:11.322523 IP 199.249.112.1.53 > 76.10.176.225.20931: 24195*- 0/6/1 (760)
06:25:11.323199 IP 76.10.176.225.13783 > 199.19.57.1.53: 16098% [1au] DNSKEY? org. (32)
06:25:11.330767 IP 213.154.241.85.53 > 76.10.176.225.61577: 19120- 0/7/7 (503)
06:25:11.331514 IP 76.10.176.225.47672 > 192.41.162.30.53: 18200% [1au] A? ns1.zurich.surf.net. (48)
06:25:11.331631 IP 76.10.176.225.40933 > 193.63.94.20.53: 37352% [1au] A? ns1.surfnet.nl. (43)
06:25:11.351284 IP 192.41.162.30.53 > 76.10.176.225.47672: 18200- 0/9/7 (764)
06:25:11.352117 IP 76.10.176.225.16220 > 193.63.94.20.53: 12102% [1au] A? ns1.zurich.surf.net. (48)
06:25:11.419032 IP 193.63.94.20.53 > 76.10.176.225.40933: 37352|$ 0/0/0 (43)
06:25:11.419460 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [S], seq 1418782059, win 29200, options [mss 1452,sackOK,TS val 1121912513 ecr 0,nop,wscale 7], length 0
06:25:11.503301 IP 193.63.94.20.53 > 76.10.176.225.36862: Flags [S.], seq 3102829770, ack 1418782060, win 50400, options [nop,nop,TS val 97751156 ecr 1121912513,mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
06:25:11.503555 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [.], ack 1, win 229, options [nop,nop,TS val 1121912534 ecr 97751156], length 0
06:25:11.503671 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [P.], seq 1:46, ack 1, win 229, options [nop,nop,TS val 1121912534 ecr 97751156], length 4536184% [1au] A? ns1.surfnet.nl. (43)
06:25:11.587216 IP 193.63.94.20.53 > 76.10.176.225.36862: Flags [.], ack 46, win 50400, options [nop,nop,TS val 97751164 ecr 1121912534], length 0
06:25:11.588500 IP 193.63.94.20.53 > 76.10.176.225.36862: Flags [.], seq 1:1441, ack 46, win 50400, options [nop,nop,TS val 97751164 ecr 1121912534], length 144036184*- 2/6/17 A 192.87.106.101, RRSIG (1438)
06:25:11.588558 IP 193.63.94.20.53 > 76.10.176.225.36862: Flags [P.], seq 1441:1604, ack 46, win 50400, options [nop,nop,TS val 97751164 ecr 1121912534], length 16323109 inv_q+% [b2&3=0xf77] [23089q] [62121a] [36919n] [1907au][|domain]
06:25:11.588873 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [.], ack 1604, win 254, options [nop,nop,TS val 1121912555 ecr 97751164], length 0
06:25:11.589126 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [F.], seq 46, ack 1604, win 254, options [nop,nop,TS val 1121912555 ecr 97751164], length 0
06:25:11.589788 IP 193.63.94.20.53 > 76.10.176.225.16220: 12102*- 1/5/18 A 195.176.255.9 (1431)
06:25:11.672727 IP 193.63.94.20.53 > 76.10.176.225.36862: Flags [.], ack 47, win 50400, options [nop,nop,TS val 97751173 ecr 1121912555], length 0
06:25:11.672821 IP 193.63.94.20.53 > 76.10.176.225.36862: Flags [F.], seq 1604, ack 47, win 50400, options [nop,nop,TS val 97751173 ecr 1121912555], length 0
06:25:11.672970 IP 76.10.176.225.36862 > 193.63.94.20.53: Flags [.], ack 1605, win 254, options [nop,nop,TS val 1121912576 ecr 97751173], length 0
06:25:12.123481 IP 76.10.176.225.21737 > 199.19.56.1.53: 53123% [1au] DNSKEY? org. (32)
06:25:12.168315 IP 199.19.56.1.53 > 76.10.176.225.21737: 53123*- 7/0/1 DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG, RRSIG, RRSIG[|domain]
06:25:12.437873 IP 76.10.176.225.44713 > 192.203.230.10.53: 31497% [1au] NS? . (28)
06:25:12.437993 IP 76.10.176.225.3324 > 192.203.230.10.53: 33729% [1au] DS? f2f10.com. (38)
06:25:12.445051 IP 192.203.230.10.53 > 76.10.176.225.44713: 31497*- 14/0/27 NS a.root-servers.net., NS b.root-servers.net., NS c.root-servers.net., NS d.root-servers.net., NS e.root-servers.net., NS f.root-servers.net., NS g.root-servers.net., NS h.root-servers.net., NS i.root-servers.net., NS j.root-servers.net., NS k.root-servers.net., NS l.root-servers.net., NS m.root-servers.net., RRSIG (1097)
06:25:12.445292 IP 192.203.230.10.53 > 76.10.176.225.3324: 33729- 0/15/27 (1169)
06:25:12.446925 IP 76.10.176.225.30117 > 192.52.178.30.53: 59416% [1au] DS? f2f10.com. (38)
06:25:12.492095 IP 76.10.176.225.11100 > 192.52.178.30.53: 33051% [1au] A? www.f2f10.com. (42)
06:25:12.496477 IP 76.10.176.225.29928 > 199.7.91.13.53: 49963% [1au] A? www.voicestream.ca. (47)
06:25:12.502165 IP 76.10.176.225.14985 > 199.7.91.13.53: 59117% [1au] DS? voicestream.ca. (43)
06:25:12.510290 IP 199.7.91.13.53 > 76.10.176.225.29928: 49963- 0/6/9 (635)
06:25:12.511079 IP 76.10.176.225.63335 > 199.4.144.2.53: 39357% [1au] A? www.voicestream.ca. (47)
06:25:12.516021 IP 199.7.91.13.53 > 76.10.176.225.14985: 59117- 0/6/9 (631)
06:25:12.516769 IP 76.10.176.225.58317 > 199.4.144.2.53: 47923% [1au] DS? voicestream.ca. (43)
06:25:12.518015 IP 199.4.144.2.53 > 76.10.176.225.63335: 39357- 0/6/1 (579)
06:25:12.518804 IP 76.10.176.225.2923 > 192.52.178.30.53: 35815% [1au] A? ns2.box.f2f10.com. (46)
06:25:12.518917 IP 76.10.176.225.36706 > 192.52.178.30.53: 36779% [1au] A? ns1.box.f2f10.com. (46)
06:25:12.523782 IP 199.4.144.2.53 > 76.10.176.225.58317: 47923*- 0/6/1 (752)
06:25:12.524503 IP 76.10.176.225.1330 > 185.159.196.2.53: 13578% [1au] DNSKEY? ca. (31)
06:25:12.559035 IP 185.159.196.2.53 > 76.10.176.225.1330: 13578*- 4/0/1 DNSKEY, DNSKEY, DNSKEY, RRSIG (893)
06:25:12.559953 IP 76.10.176.225.5673 > 192.112.36.4.53: 46232% [1au] DS? ca. (31)
06:25:12.565523 IP 192.52.178.30.53 > 76.10.176.225.36706: 36779- 0/6/3 (595)
06:25:12.601791 IP 192.52.178.30.53 > 76.10.176.225.30117: 59416*- 0/6/1 (759)
06:25:12.602515 IP 192.112.36.4.53 > 76.10.176.225.5673: 46232*- 2/0/1 DS, RRSIG (366)
06:25:12.623976 IP 76.10.176.225.60879 > 202.12.27.33.53: 33056% [1au] PTR? 225.176.10.76.in-addr.arpa. (55)
06:25:12.626984 IP 76.10.176.225.64421 > 192.16.188.181.53: 48316% [1au] A? voicestream.ca.dbl.spamhaus.org. (60)
06:25:12.630954 IP 76.10.176.225.42950 > 192.16.188.181.53: 20858% [1au] A? f2f10.com.dbl.spamhaus.org. (55)
06:25:12.647575 IP 192.52.178.30.53 > 76.10.176.225.11100: 33051- 0/6/3 (599)
06:25:12.674287 IP 192.52.178.30.53 > 76.10.176.225.2923: 35815- 0/6/3 (595)
06:25:12.690031 IP 202.12.27.33.53 > 76.10.176.225.60879: 33056- 0/10/13 (739)
06:25:12.690835 IP 76.10.176.225.42212 > 199.180.182.53.53: 59549% [1au] PTR? 225.176.10.76.in-addr.arpa. (55)
06:25:12.736754 IP 192.16.188.181.53 > 76.10.176.225.64421: 48316- 0/19/71 (1464)
06:25:12.737695 IP 76.10.176.225.14409 > 151.236.23.137.53: 42924% [1au] A? voicestream.ca.dbl.spamhaus.org. (60)
06:25:12.740998 IP 192.16.188.181.53 > 76.10.176.225.42950: 20858- 0/19/71 (1464)
06:25:12.742214 IP 76.10.176.225.27330 > 151.236.23.137.53: 41872% [1au] A? f2f10.com.dbl.spamhaus.org. (55)
06:25:12.748001 IP 199.180.182.53.53 > 76.10.176.225.42212: 59549- 0/8/1 (383)
06:25:12.749212 IP 76.10.176.225.32623 > 192.5.6.30.53: 9161% [1au] A? r.arin.net. (39)
06:25:12.749326 IP 76.10.176.225.22424 > 192.5.6.30.53: 42213% [1au] A? u.arin.net. (39)
06:25:12.749412 IP 76.10.176.225.38925 > 192.5.6.30.53: 64246% [1au] A? x.arin.net. (39)
06:25:12.749496 IP 76.10.176.225.14696 > 192.5.6.30.53: 18560% [1au] A? y.arin.net. (39)
06:25:12.749579 IP 76.10.176.225.3265 > 192.5.6.30.53: 26220% [1au] A? z.arin.net. (39)
06:25:12.749663 IP 76.10.176.225.41575 > 192.5.6.30.53: 8974% [1au] A? arin.authdns.ripe.net. (50)
06:25:12.766029 IP 192.5.6.30.53 > 76.10.176.225.38925: 64246- 0/7/9 (532)
06:25:12.766259 IP 192.5.6.30.53 > 76.10.176.225.14696: 18560- 0/7/9 (532)
06:25:12.766503 IP 192.5.6.30.53 > 76.10.176.225.41575: 8974- 0/9/13 (690)
06:25:12.766966 IP 76.10.176.225.20484 > 199.5.26.108.53: 35144% [1au] A? y.arin.net. (39)
06:25:12.767087 IP 76.10.176.225.29466 > 199.5.26.108.53: 64767% [1au] A? x.arin.net. (39)
06:25:12.767175 IP 76.10.176.225.43209 > 192.26.92.30.53: 14379% [1au] A? a1.verisigndns.com. (47)
06:25:12.767259 IP 76.10.176.225.47117 > 193.0.9.7.53: 47324% [1au] A? arin.authdns.ripe.net. (50)
06:25:12.767341 IP 76.10.176.225.37949 > 192.26.92.30.53: 29428% [1au] A? a3.verisigndns.com. (47)
06:25:12.767425 IP 76.10.176.225.44494 > 192.26.92.30.53: 21087% [1au] A? a2.verisigndns.com. (47)
06:25:12.767763 IP 192.5.6.30.53 > 76.10.176.225.32623: 9161- 0/7/9 (532)
06:25:12.767871 IP 192.5.6.30.53 > 76.10.176.225.22424: 42213- 0/7/9 (530)
06:25:12.768254 IP 192.5.6.30.53 > 76.10.176.225.3265: 26220- 0/7/9 (532)
06:25:12.768654 IP 76.10.176.225.36623 > 199.5.26.108.53: 64733% [1au] A? u.arin.net. (39)
06:25:12.768766 IP 76.10.176.225.4096 > 199.5.26.108.53: 4867% [1au] A? r.arin.net. (39)
06:25:12.768850 IP 76.10.176.225.60827 > 199.5.26.108.53: 11873% [1au] A? z.arin.net. (39)
06:25:12.784268 IP 192.26.92.30.53 > 76.10.176.225.44494: 21087- 0/8/10 (537)
06:25:12.784497 IP 192.26.92.30.53 > 76.10.176.225.37949: 29428- 0/8/10 (537)
06:25:12.785211 IP 76.10.176.225.36544 > 209.112.113.33.53: 40864% [1au] A? a2.verisigndns.com. (47)
06:25:12.785325 IP 76.10.176.225.14145 > 209.112.113.33.53: 60647% [1au] A? a3.verisigndns.com. (47)
06:25:12.787265 IP 192.26.92.30.53 > 76.10.176.225.43209: 14379- 0/8/10 (537)
06:25:12.787844 IP 76.10.176.225.42970 > 209.112.113.33.53: 19864% [1au] A? a1.verisigndns.com. (47)
06:25:12.805025 IP 209.112.113.33.53 > 76.10.176.225.36544: 40864*- 2/7/12 A 209.112.114.33, RRSIG (760)
06:25:12.805260 IP 209.112.113.33.53 > 76.10.176.225.14145: 60647*- 2/7/12 A 69.36.145.33, RRSIG (760)
06:25:12.808011 IP 209.112.113.33.53 > 76.10.176.225.42970: 19864*- 2/7/12 A 209.112.113.33, RRSIG (760)
06:25:12.824048 IP 199.5.26.108.53 > 76.10.176.225.20484: 35144*- 2/5/17 A 192.82.134.30, RRSIG (1464)
06:25:12.824777 IP 199.5.26.108.53 > 76.10.176.225.29466: 64767*- 2/5/17 A 199.71.0.63, RRSIG (1464)
06:25:12.825165 IP 76.10.176.225.41688 > 192.82.134.30.53: 60226% [1au] PTR? 225.176.10.76.in-addr.arpa. (55)
06:25:12.826027 IP 199.5.26.108.53 > 76.10.176.225.36623: 64733*- 2/5/15 A 204.61.216.50, RRSIG (1464)
06:25:12.826515 IP 199.5.26.108.53 > 76.10.176.225.4096: 4867*- 2/5/17 A 199.180.180.63, RRSIG (1464)
06:25:12.827262 IP 199.5.26.108.53 > 76.10.176.225.60827: 11873*- 2/5/17 A 199.212.0.63, RRSIG (1464)
06:25:12.844257 IP 151.236.23.137.53 > 76.10.176.225.14409: 42924 NXDomain*- 0/1/0 (113)
06:25:12.845500 IP 192.82.134.30.53 > 76.10.176.225.41688: 60226- 0/4/1 (321)
06:25:12.845740 IP 151.236.23.137.53 > 76.10.176.225.27330: 41872 NXDomain*- 0/1/0 (108)
06:25:12.846159 IP 76.10.176.225.24089 > 192.31.80.30.53: 28361% [1au] A? ns2.teksavvy.com. (45)
06:25:12.846275 IP 76.10.176.225.10733 > 192.31.80.30.53: 54840% [1au] A? ns.teksavvy.com. (44)
06:25:12.852749 IP 193.0.9.7.53 > 76.10.176.225.47117: 47324*- 2/0/1 A 193.0.9.10, RRSIG (234)
06:25:12.863008 IP 192.31.80.30.53 > 76.10.176.225.24089: 28361- 0/8/7 (719)
06:25:12.863248 IP 192.31.80.30.53 > 76.10.176.225.10733: 54840- 0/8/7 (719)
06:25:12.863699 IP 76.10.176.225.37363 > 107.179.179.1.53: 6502% [1au] A? ns2.teksavvy.com. (45)
06:25:12.863813 IP 76.10.176.225.42969 > 107.179.179.1.53: 47957% [1au] A? ns.teksavvy.com. (44)
06:25:12.869999 IP 107.179.179.1.53 > 76.10.176.225.37363: 6502*- 1/0/1 A 206.248.182.4 (61)
06:25:12.870233 IP 107.179.179.1.53 > 76.10.176.225.42969: 47957*- 1/0/1 A 206.248.182.3 (60)
06:25:12.870619 IP 76.10.176.225.46187 > 206.248.182.3.53: 61397% [1au] PTR? 225.176.10.76.in-addr.arpa. (55)
06:25:12.877746 IP 206.248.182.3.53 > 76.10.176.225.46187: 61397*- 1/0/1 PTR box.f2f10.com. (82)
06:25:12.878551 IP 76.10.176.225.7683 > 192.5.5.241.53: 18238% [1au] DS? arpa. (33)
06:25:12.885258 IP 192.5.5.241.53 > 76.10.176.225.7683: 18238*- 3/0/1 DS, DS, RRSIG (404)
06:25:12.886168 IP 76.10.176.225.27888 > 192.203.230.10.53: 25651% [1au] DS? in-addr.arpa. (41)
06:25:12.892997 IP 192.203.230.10.53 > 76.10.176.225.27888: 25651*- 4/0/1 DS, DS, DS, RRSIG (349)
06:25:12.893771 IP 76.10.176.225.61052 > 192.33.4.12.53: 7281% [1au] DNSKEY? arpa. (33)
06:25:12.914777 IP 192.33.4.12.53 > 76.10.176.225.61052: 7281*- 4/0/1 DNSKEY, DNSKEY, DNSKEY, RRSIG (897)
06:25:12.916056 IP 76.10.176.225.19809 > 192.5.5.241.53: 51150% [1au] DS? 76.in-addr.arpa. (44)
06:25:12.922751 IP 192.5.5.241.53 > 76.10.176.225.19809: 51150- 0/10/13 (728)
06:25:12.923565 IP 76.10.176.225.27992 > 199.253.183.183.53: 60730% [1au] DS? 76.in-addr.arpa. (44)
06:25:13.049322 IP 199.253.183.183.53 > 76.10.176.225.27992: 60730*- 2/0/1 DS, RRSIG (252)
06:25:13.050066 IP 76.10.176.225.38523 > 203.119.86.101.53: 61343% [1au] DNSKEY? in-addr.arpa. (41)
06:25:13.287824 IP 203.119.86.101.53 > 76.10.176.225.38523: 61343*- 5/0/1 DNSKEY, DNSKEY, DNSKEY, RRSIG, RRSIG (1341)
06:25:13.289193 IP 76.10.176.225.39803 > 200.10.60.53.53: 41001% [1au] DS? 10.76.in-addr.arpa. (47)
06:25:13.636862 IP 76.10.176.225.28954 > 8.8.4.4.53: 17905+ AAAA? safebrowsing.googleapis.com. (45)
06:25:13.669265 IP 8.8.4.4.53 > 76.10.176.225.28954: 17905 1/0/0 AAAA 2607:f8b0:400b:808::200a (73)
06:25:14.089452 IP 76.10.176.225.62358 > 196.216.169.10.53: 52511% [1au] DS? 10.76.in-addr.arpa. (47)
06:25:14.211529 IP 196.216.169.10.53 > 76.10.176.225.62358: 52511- 0/8/1 (375)
06:25:14.212300 IP 76.10.176.225.49983 > 193.0.9.10.53: 57313% [1au] DS? 10.76.in-addr.arpa. (47)
06:25:14.298284 IP 193.0.9.10.53 > 76.10.176.225.49983: 57313*- 0/4/1 (495)
06:25:14.299370 IP 76.10.176.225.8608 > 204.61.216.50.53: 49795% [1au] DNSKEY? 76.in-addr.arpa. (44)
06:25:14.306522 IP 204.61.216.50.53 > 76.10.176.225.8608: 49795*- 5/0/1 DNSKEY, DNSKEY, DNSKEY, RRSIG, RRSIG (1098)
06:25:14.309121 IP 76.10.176.225.15129 > 199.71.0.63.53: 51339% [1au] DS? 176.10.76.in-addr.arpa. (51)
06:25:14.374769 IP 199.71.0.63.53 > 76.10.176.225.15129: 51339*- 0/4/1 (499)
06:25:14.392326 IP 76.10.176.225.21572 > 193.74.22.152.53: 14194% [1au] A? box.f2f10.com.dbl.spamhaus.org. (59)
06:25:14.499028 IP 193.74.22.152.53 > 76.10.176.225.21572: 14194 NXDomain*- 0/1/0 (112)
06:25:20.810711 IP 76.10.176.225.19360 > 8.8.4.4.53: 52497+ A? detectportal.firefox.com. (42)
06:25:20.854232 IP 8.8.4.4.53 > 76.10.176.225.19360: 52497 4/0/0 CNAME detectportal.firefox.com.edgesuite.net., CNAME a1089.d.akamai.net., A 206.248.168.137, A 206.248.168.144 (155)
^C


#94

Now, the question is: what is the difference between OpenWRT and OPNsense (pfSense) that makes MAIB work fine in the DMZ with OpenWRT, but not with OPNsense???


#95

It looks like my OpenWRT port forwards all have “NAT loopback” enabled, which is NAT Reflection…


#96

Now I probably need proper NAT reflection to work on OPNsense…


#97

After enabling NAT Reflection in OPNsense…
@box:~$ sudo /home/devnull/mailinabox/management/status_checks.py

System

✖ SSH Login (ssh) is running but is not publicly accessible at 76.10.176.225:22.
✖ Public DNS (nsd4) is not running (port 53).
✖ Incoming Mail (SMTP/postfix) is running but is not publicly accessible at 76.10.176.225:25.
✖ Outgoing Mail (SMTP 587/postfix) is running but is not publicly accessible at 76.10.176.225:587.
✖ IMAPS (dovecot) is running but is not publicly accessible at 76.10.176.225:993.
✖ Mail Filters (Sieve/dovecot) is running but is not publicly accessible at 76.10.176.225:4190.
✖ HTTP Web (nginx) is running but is not publicly accessible at 76.10.176.225:80.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
✖ HTTPS Web (nginx) is running but is not publicly accessible at 76.10.176.225:443.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
✓ SSH disallows password-based login.
✓ System software is up to date.
? Mail-in-a-Box version check disabled by privacy setting.
✓ System administrator address exists as a mail alias. [administrator@box.f2f10.com ↦ co-traveler@f2f10.com]
✓ The disk has 164.30 GB space remaining.
✓ System memory is 97% free.

Network

✓ Firewall is active.
✓ Outbound mail (SMTP port 25) is not blocked.
✓ IP address is not blacklisted by zen.spamhaus.org.

box.f2f10.com

✖ Nameserver glue records are incorrect. The ns1.box.f2f10.com and ns2.box.f2f10.com nameservers must be configured
at your domain name registrar as having the IP address 76.10.176.225. They currently report addresses of [Not Set]/[Not Set].
It may take several hours for public DNS to update after a change.
✖ This domain must resolve to your box’s IP address (76.10.176.225) in public DNS but it currently resolves to [Not
Set]. It may take several hours for public DNS to update after a change. This problem may result from other issues
listed above.
✓ Reverse DNS is set correctly at ISP. [76.10.176.225 ↦ box.f2f10.com]
✓ Hostmaster contact address exists as a mail alias. [hostmaster@box.f2f10.com ↦ administrator@box.f2f10.com]
✓ Domain’s email is directed to this domain. [box.f2f10.com has no MX record, which is ok]
✓ Postmaster contact address exists as a mail alias. [postmaster@box.f2f10.com ↦ administrator@box.f2f10.com]
✓ Domain is not blacklisted by dbl.spamhaus.org.
✓ TLS (SSL) certificate is signed & valid. The certificate expires in 89 days on 03/23/18.

f2f10.com

✖ The nameservers set on this domain are incorrect. They are currently [Not Set]. Use your domain name registrar’s
control panel to set the nameservers to ns1.box.f2f10.com; ns2.box.f2f10.com.
✖ This domain’s DNS MX record is not set. It should be ‘10 box.f2f10.com’. Mail will not be delivered to this box.
It may take several hours for public DNS to update after a change. This problem may result from other issues
listed here.
✓ Domain is not blacklisted by dbl.spamhaus.org.
✖ This domain should resolve to your box’s IP address (A 76.10.176.225) if you would like the box to serve webmail
or a website on this domain. The domain currently resolves to [Not Set] in public DNS. It may take several hours
for public DNS to update after a change. This problem may result from other issues listed here.
? This domain’s DNSSEC DS record is not set. The DS record is optional. The DS record activates DNSSEC. To set a DS
record, you must follow the instructions provided by your domain name registrar and provide to them this
information:

Key Tag: 60585
Key Flags: KSK
Algorithm: 7 / RSASHA1-NSEC3-SHA1
Digest Type: 2 / SHA-256
Digest: 2052282b2999d0937749f7d2241d7acf6bbc4504ae9045a9020d7abffc2b5ab3
Public Key:

AwEAAdMypof8r0AsRFZBRWDmW6/DFdDAr5uyYYslbb3x2c5PWST8nrZQU3+Pr8q/KafBTrlrLFOiE2LLHkXqmdwYmM/ChEjblutn4n9lUVua2ni90RRif+/qdzJpk5d1zJXsNuTvYv7O41Ikk9kVhvRgKW+2surM8Q6IEiKdvtAdBKinZVDwRJvpXvebRBnZ5GYV58e+Khf6YCTUC1PGXck5ULsTHy0MBUtAvyZ/qFRo2B7d17lfoNw9cK10at8AGSvr2WZNEUkWiaaf2yF+zNoHgmB41P8pUfGxPGCS/4G/zDWvUMX8RrBwJj63XGUVHR/AAnrhedh7q/1h2ayD1blM5+k=

Bulk/Record Format:
f2f10.com. 3600 IN DS 60585 7 2 2052282b2999d0937749f7d2241d7acf6bbc4504ae9045a9020d7abffc2b5ab3


#98

It looks like the issue is not resolved yet, even with NAT Reflection enabled on OPNsense, while NAT Loopback works fine with OpenWRT…???

Does anyone have an OPNsense + MAIB setting that works? Thanks in advance…


#99

With NAT Reflection enabled, it seems that my email client on the internal network can access MAIB with no issues. Therefore I don’t need to enable Split DNS for that for now. However, the MAIB status check still doesn’t work…


#100

Ok, on OpenWRT, I have the following configuration in Firewall, with NAT Loopback enabled for incoming port forwarding…

config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'dmz'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '53'
	option name 'dns'
	option dest_ip '192.168.140.253'

@TorWrt# iptables-save | grep NAT
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 25 -m comment --comment "mx (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 443 -m comment --comment "web-email (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 80 -m comment --comment "webmail80-let'sencrypt (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p udp -m udp --dport 53 -m comment --comment "dns (reflection)" -j SNAT --to-source 192.168.140.1

-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 25 -m comment --comment "mx (reflection)" -j DNAT --to-destination 192.168.140.253:25
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 443 -m comment --comment "web-email (reflection)" -j DNAT --to-destination 192.168.140.253:443
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 80 -m comment --comment "webmail80-let'sencrypt (reflection)" -j DNAT --to-destination 192.168.140.253:80
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p udp -m udp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53

-A zone_wan_prerouting -p tcp -m tcp --dport 25 -m comment --comment mx -j DNAT --to-destination 192.168.140.253:25
-A zone_wan_prerouting -p tcp -m tcp --dport 443 -m comment --comment web-email -j DNAT --to-destination 192.168.140.253:443
-A zone_wan_prerouting -p tcp -m tcp --dport 80 -m comment --comment "webmail80-let'sencrypt" -j DNAT --to-destination 192.168.140.253:80
-A zone_wan_prerouting -p tcp -m tcp --dport 53 -m comment --comment dns -j DNAT --to-destination 192.168.140.253:53
-A zone_wan_prerouting -p udp -m udp --dport 53 -m comment --comment dns -j DNAT --to-destination 192.168.140.253:53

-A zone_dmz_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_dmz_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
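
The reflection rules in the dump above come in pairs per forwarded port: a DNAT in zone_dmz_prerouting that rewrites the public IP to the internal host, and an SNAT in zone_dmz_postrouting that rewrites the source to the router. As an added example (not part of the original post), this script audits iptables-save output for WAN port forwards that lack one half of that pair; the sample rules are constructed in the post's format, and the function names and the `wan_chain` default are assumptions.

```python
import shlex

# Constructed sample in iptables-save format, modelled on the rules in the post.
# tcp/53 is deliberately missing its SNAT half and udp/53 has no reflection at all.
SAMPLE = """\
-A zone_wan_prerouting -p tcp -m tcp --dport 443 -m comment --comment web-email -j DNAT --to-destination 192.168.140.253:443
-A zone_wan_prerouting -p tcp -m tcp --dport 53 -m comment --comment dns -j DNAT --to-destination 192.168.140.253:53
-A zone_wan_prerouting -p udp -m udp --dport 53 -m comment --comment dns -j DNAT --to-destination 192.168.140.253:53
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 443 -m comment --comment "web-email (reflection)" -j DNAT --to-destination 192.168.140.253:443
-A zone_dmz_postrouting -s 192.168.140.0/24 -d 192.168.140.253/32 -p tcp -m tcp --dport 443 -m comment --comment "web-email (reflection)" -j SNAT --to-source 192.168.140.1
-A zone_dmz_prerouting -s 192.168.140.0/24 -d 76.10.176.225/32 -p tcp -m tcp --dport 53 -m comment --comment "dns (reflection)" -j DNAT --to-destination 192.168.140.253:53
"""

FLAGS = {"-s": "src", "-d": "dst", "-p": "proto", "--dport": "dport",
         "-j": "target", "--to-destination": "to_dst", "--to-source": "to_src"}


def parse_rule(line):
    """Turn one '-A chain ...' line into a dict; return None for other lines."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rule = {"chain": tok[1]}
    for flag, value in zip(tok[2:], tok[3:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    return rule


def audit_reflection(text, public_ip, wan_chain="zone_wan_prerouting"):
    """Map each WAN forward 'proto/port' to ok, missing-snat or no-reflection."""
    forwards, dnat_refl, snat_refl = [], set(), set()
    for rule in filter(None, map(parse_rule, text.splitlines())):
        key = (rule.get("proto"), rule.get("dport"))
        dst = rule.get("dst", "").split("/")[0]
        if rule.get("target") == "DNAT" and rule["chain"] == wan_chain:
            forwards.append((key, rule["to_dst"]))
        elif rule.get("target") == "DNAT" and dst == public_ip:
            # Internal client aimed at the public IP: redirect to the host.
            dnat_refl.add((key, rule["to_dst"]))
        elif rule.get("target") == "SNAT":
            # Source rewrite so the host's reply returns through the router;
            # without it the client gets a reply from an address it never
            # connected to and drops it.
            snat_refl.add((key, dst))
    report = {}
    for key, to_dst in forwards:
        host = to_dst.rsplit(":", 1)[0]
        if (key, to_dst) not in dnat_refl:
            status = "no-reflection"
        elif (key, host) not in snat_refl:
            status = "missing-snat"
        else:
            status = "ok"
        report["%s/%s" % key] = status
    return report


if __name__ == "__main__":
    for port, status in audit_reflection(SAMPLE, "76.10.176.225").items():
        print(port, status)
```

Feeding it the full `iptables-save` output from the router, rather than the `grep NAT` subset, also works, since lines that are not `-A` rules are skipped.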