Problem sending to some domains


#1

Morning All,

Hoping you might be able to help. I have had to move a couple of domains off my MIAB hosted on DO onto a different Non-MIAB server also hosted on DO and for some reason the MIAB will not send to those domains, Will happily receive but not send to. Other mail servers can send to the new server just fine.

I have checked DNS propagation and that has all gone through. I get these errors in syslog

Dec 18 10:25:24 box named[1318]: error (insecurity proof failed) resolving ‘allthedomains.online/MX/IN’: 173.245.58.51#53
Dec 18 10:25:25 box named[1318]: validating @0x7fba98322080: allthedomains.online MX: got insecure response; parent indicates it should be secure
Dec 18 10:25:25 box named[1318]: error (insecurity proof failed) resolving ‘allthedomains.online/MX/IN’: 198.41.222.173#53
Dec 18 10:25:25 box named[1318]: validating @0x7fba98322080: allthedomains.online MX: got insecure response; parent indicates it should be secure
Dec 18 10:25:25 box named[1318]: error (insecurity proof failed) resolving ‘allthedomains.online/MX/IN’: 173.245.59.41#53
Dec 18 10:25:25 box named[1318]: validating @0x7fba98322080: allthedomains.online MX: got insecure response; parent indicates it should be secure
Dec 18 10:25:25 box named[1318]: error (insecurity proof failed) resolving ‘allthedomains.online/MX/IN’: 173.245.59.41#53
Dec 18 10:25:25 box named[1318]: validating @0x7fba98322080: allthedomains.online MX: got insecure response; parent indicates it should be secure
Dec 18 10:25:25 box named[1318]: error (insecurity proof failed) resolving ‘allthedomains.online/MX/IN’: 173.245.58.51#53
Dec 18 10:25:25 box named[1318]: validating @0x7fba98322080: allthedomains.online MX: got insecure response; parent indicates it should be secure
Dec 18 10:25:25 box named[1318]: error (insecurity proof failed) resolving ‘allthedomains.online/MX/IN’: 198.41.222.173#53
Dec 18 10:25:25 box named[1318]: validating @0x7fba98322080: allthedomains.online MX: got insecure response; parent indicates it should be secure
Dec 18 10:25:25 box named[1318]: error (insecurity proof failed) resolving ‘allthedomains.online/MX/IN’: 173.245.59.41#53
Dec 18 10:25:25 box named[1318]: validating @0x7fba98322080: allthedomains.online MX: got insecure response; parent indicates it should be secure
Dec 18 10:25:25 box named[1318]: error (insecurity proof failed) resolving ‘allthedomains.online/MX/IN’: 173.245.58.51#53
Dec 18 10:25:25 box named[1318]: validating @0x7fba98322080: allthedomains.online MX: got insecure response; parent indicates it should be secure
Dec 18 10:25:25 box named[1318]: error (insecurity proof failed) resolving ‘allthedomains.online/MX/IN’: 198.41.222.173#53
Dec 18 10:25:25 box named[1318]: validating @0x7fba98322080: allthedomains.online MX: got insecure response; parent indicates it should be secure
Dec 18 10:25:25 box named[1318]: error (insecurity proof failed) resolving ‘allthedomains.online/MX/IN’: 173.245.59.41#53
Dec 18 10:25:25 box named[1318]: validating @0x7fba98322080: allthedomains.online MX: got insecure response; parent indicates it should be secure
Dec 18 10:25:25 box named[1318]: error (insecurity proof failed) resolving ‘allthedomains.online/MX/IN’: 173.245.58.51#53
Dec 18 10:25:25 box named[1318]: validating @0x7fba98322080: allthedomains.online MX: got insecure response; parent indicates it should be secure
Dec 18 10:25:25 box named[1318]: error (insecurity proof failed) resolving ‘allthedomains.online/MX/IN’: 198.41.222.173#53

When reading the forums the suggestion has been made that the resolv.conf might have something to do with it.

nameserver 67.207.67.2
nameserver 67.207.67.3
nameserver 127.0.0.1

for some reason I cannot dig those domains from the MAIB but can from my own machine and http://digwebinterface.com this applys for both the allthedomains.online and west-lan.info

Wondering you guys might have any insight as to what can be done about this as I am now wondering if there are other emails that are not being send.

Just realized I hadn’t deleted the old DNSSEC details so have just done it will see if that makes a difference.

Thanks in advance


#2

This should make a difference …


#3

yup that was it the DNSSEC details stopping the email also appears that it was affecting the issuing of Let’s Encrypt Certs.

Shame the error make no sence in this regard with just “Host not found” etc. Ah well I will need to remember that one. Hopefully if anyone else has a similar issue this might give them direction to look at the DNSSEC.