[bdNOG] Yahoo Mail can't communicate with my domain servers

Philip Smith philip at nsrc.org
Sat Dec 26 16:44:10 BDT 2015


Hi Jasim,

I've seen this exact symptom before, in region.

I've checked in a few places around the Internet. Where the paths to you
run through Airtel I cannot get any name resolution for btraccl.net.
Where the paths do not run through Airtel, DNS works just fine.

Non-airtel path:

 7  103-16-152-25-noc.bsccl.com (103.16.152.25)  128.800 ms  130.064 ms
 130.056 ms
 8  103-16-152-33-noc.bsccl.com (103.16.152.33)  133.250 ms  133.094 ms
 133.268 ms
 9  103-16-155-26-noc.bsccl.com (103.16.155.26)  154.001 ms  154.018 ms
 153.998 ms
10  po1-ar1-bn1-dh.equitel.com.bd (103.9.186.66)  133.732 ms  133.706 ms
 133.751 ms
11  103.9.186.130 (103.9.186.130)  134.851 ms  134.988 ms  135.118 ms
12  cp1.btraccl.net (103.9.185.227)  155.304 ms  155.304 ms  155.294 ms

$ dig btraccl.net a

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.4 <<>> btraccl.net a
;; global options:  printcmd
;; Got answer:

btraccl.net.		14400	IN	A	103.9.185.227


Airtel path:

 7  9498.hkg.equinix.com (119.27.63.26)  153.907 ms  151.835 ms  152.576 ms
 8  182.79.234.238 (182.79.234.238)  217.081 ms 182.79.234.201
(182.79.234.201)  218.547 ms 182.79.247.178 (182.79.247.178)  218.766 ms
 9  aes-static-190.137.144.59.airtel.in (59.144.137.190)  270.817 ms
265.320 ms  264.935 ms
10  103.7.249.110 (103.7.249.110)  249.120 ms  248.193 ms  247.767 ms
11  103.9.186.66 (103.9.186.66)  267.391 ms  265.746 ms  265.328 ms
12  103.9.186.130 (103.9.186.130)  273.015 ms  271.443 ms  271.502 ms
13  103.9.185.229 (103.9.185.229)  264.746 ms  263.285 ms  263.443 ms

$ dig btraccl.net a

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.5 <<>> btraccl.net a
;; global options: +cmd
;; connection timed out; no servers could be reached

This is going to be hard for you to sort directly though - you'll need
to ask your upstream (Equitel Communication Ltd) to talk to Fiber at Home
who get transit from Airtel.

The way to check this is to ask Equitel to shutdown their link to
Fiber at Home for a short period, let BGP reroute you exclusively onto the
BSCCL link (Equitel's other upstream), and then check your DNS from
various spots around the globe again.


Note, I could be wrong, but this symptom was exactly what I saw a few
months back, and it took the operator concerned almost 2 months of
frustration to sort. Turns out Airtel were filtering DNS on their link -
it took quite a bit of escalation to sort, and no reasoning was offered
by Airtel either. (Maybe someone from Airtel is on the list here and can
help?)

philip
--

Jasim Alam wrote on 23/12/2015 08:53 :
> Hi,
> 
> From  last couple of day mail sent from yahoo mail to my domain
> (btraccl.net) are being bounced back, please see the forwarded mail.
> Yahoo saying they can't find my A or MX record. But mxtoolbox and google
> tool saying there is nothing wrong with my dns configuration
> 
> http://mxtoolbox.com/domain/btraccl.net/
> https://toolbox.googleapps.com/apps/dig/#A/btraccl.net
> https://toolbox.googleapps.com/apps/dig/#MX/btraccl.net
> 
> After further digging , I found that from some location my dns is
> resolved from some location from some not. 
> 
> https://www.whatsmydns.net/#A/btraccl.net
> https://dnschecker.org/#A/btraccl.net
> https://www.nexcess.net/resources/tools/global-dns-checker/?h=btraccl.net&t=A
> 
> 
> Same for online port scanners, some online port scanner can open my dns
> server's port 53 some can't. 
> 
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>                                                                        
>                              [Port Scan]
> 
> # from local network
> 
> nmap 103.9.185.229
> 
> Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-22 12:02 BDT
> Nmap scan report for 103.9.185.229
> Host is up (0.0054s latency).
> Not shown: 993 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 25/tcp open smtp
> 53/tcp open domain
> 80/tcp open http
> 465/tcp open smtps
> 587/tcp open submission
> 3306/tcp open mysql
> 
> Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds
> 
> 
> #
> https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap
> 
> Starting Nmap 6.00 ( http://nmap.org ) at 2015-12-22 08:14 EET
> Initiating Ping Scan at 08:14
> Scanning 103.9.185.229 [4 ports]
> Completed Ping Scan at 08:14, 0.26s elapsed (1 total hosts)
> Initiating SYN Stealth Scan at 08:14
> Scanning 103.9.185.229 [100 ports]
> Discovered open port 3306/tcp on 103.9.185.229
> Discovered open port 53/tcp on 103.9.185.229
> Discovered open port 465/tcp on 103.9.185.229
> Discovered open port 25/tcp on 103.9.185.229
> Discovered open port 587/tcp on 103.9.185.229
> Discovered open port 22/tcp on 103.9.185.229
> Completed SYN Stealth Scan at 08:14, 1.66s elapsed (100 total ports)
> 
> 
> 
> http://www.ipfingerprints.com/portscan.php
> 
> 103.9.185.229 53/tcp open   domain
> 103.9.185.230 53/tcp open   domain
> 
> 
> http://ports.my-addr.com/check-all-open-ports-online.php
> 
> 103.9.185.229:53 = success
> 103.9.185.230:53 = success
> 
> 
> http://mxtoolbox.com/SuperTool.aspx?action=scan%3a103.9.185.229&run=toolpage
> 53dnsOpen266
> 
> http://mxtoolbox.com/SuperTool.aspx?action=scan%3a103.9.185.230&run=toolpage
> 53dnsOpen281
> 
> 
> 
> http://ping.eu/port-chk/
> 
> 103.9.185.229:53 port is closed
> 103.9.185.230:53 port is closed
> 103.9.185.229:465 port is open
> 103.9.185.229:25 port is open
> 103.9.185.229:587 port is open
> 103.9.185.229:3306 port is open
> 
> ...............................................
> 
> all else port seems open
> 
> 
> 
> http://www.t1shopper.com/tools/port-scan/
> 
> 103.9.185.229 isn't responding on port 53 (domain).
> 103.9.185.230 isn't responding on port 53 (domain).
> 103.9.185.229 is responding on port 25 (smtp).
> ............................................................
> same here 
> 
> 
> 
> http://www.yougetsignal.com/tools/open-ports/
> 
> Port 53 is closed on 103.9.185.229.
> Port 53 is closed on 103.9.185.230.
> Port 25 is open on 103.9.185.229.
> ----------------------------------
> same here 
> 
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> 
> This put me in nowhere as there are no host/network acl to filter the
> dns traffic. ISP/IIG/ITC telling me the same. 
> 
> Is this is any global routing issue ? Have anyone experienced  such
> scenarios ? Please suggest me any solution of this. 
> 
> 
> 
> Regards,
> Jasim
> 
> 
> 
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> 
> On Monday, December 21, 2015 10:17 AM, "MAILER-DAEMON at yahoo.com"
> <MAILER-DAEMON at yahoo.com> wrote:
> 
> 
> Sorry, we were unable to deliver your message to the following address.
> 
> <jasim.alam at btraccl.net <mailto:jasim.alam at btraccl.net>>:
> No MX or A records for btraccl.net
> 
> --- Below this line is a copy of the message.
> 
> Received: from [66.196.81.174] by nm26.bullet.mail.bf1.yahoo.com with
> NNFMP; 21 Dec 2015 03:53:35 -0000
> Received: from [98.139.212.217] by tm20.bullet.mail.bf1.yahoo.com with
> NNFMP; 21 Dec 2015 03:53:35 -0000
> Received: from [127.0.0.1] by omp1026.mail.bf1.yahoo.com with NNFMP; 21
> Dec 2015 03:53:35 -0000
> X-Yahoo-Newman-Property: ymail-3
> X-Yahoo-Newman-Id: 458777.42486.bm at omp1026.mail.bf1.yahoo.com
> <mailto:458777.42486.bm at omp1026.mail.bf1.yahoo.com>
> X-YMail-OSG: eRLkhAUVM1m0iGywFxEWTqIClC9kpx9qep2H3h87A5pXx7u2nChv7ojlOA3fPfM
> roCPBlSiUKcgA3RcgQ2Sb1reTx.PrLKmpH02eJy73Zct1QKep.znfHg.M.fuVcGtxASr_UG41vkF
> TePG24o6oWYfOzaDxvKbrj6gZ8X7_2892LrZbcwH7vWLaLewvUoweKlWtHw7T5vldvDwwosWu33Q
> iX0k0PBAKx._HtbJMxEiPRsl7dRjhRI54UbfnzIx5xSx0xtWyzVDVMKtTXOIA1Czwu2JqRyIvEUJ
> Yjd_FnOcPsHQsrTsZUvQk89pYEBgilMhVoMTnsbwm4g4MYjK7vMAOH0XJnxvkNuFnhUWAjKVb80F
> UF.jXDoD.E5oO0XsZorFAu9MCtya54XZP0cE4TypHxan7xEpUmVkoTJaY8gUFjoHeOknqjWdwQbw
> 4Xs2d2I0FAIwlU72IygsYzTRrW39ZI8KOmcIGD7I28pI3A.LlPqTuFsfePx1nCFr4xH70qljrBW6
> g7bA0fpB7t3eafXRVCtsc7h5b
> Received: by 66.196.80.121; Mon, 21 Dec 2015 03:53:35 +0000
> Date: Mon, 21 Dec 2015 03:53:34 +0000 (UTC)
> From: Jasim Alam <jasim21 at ymail.com <mailto:jasim21 at ymail.com>>
> Reply-To: Jasim Alam <jasim21 at ymail.com <mailto:jasim21 at ymail.com>>
> To: Jasim Alam <jasim.alam at btraccl.net <mailto:jasim.alam at btraccl.net>>
> Message-ID:
> <1702908944.1561022.1450670014437.JavaMail.yahoo at mail.yahoo.com
> <mailto:1702908944.1561022.1450670014437.JavaMail.yahoo at mail.yahoo.com>>
> Subject: test mail
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>     boundary="----=_Part_1561021_133957058.1450670014436"
> References:
> <1702908944.1561022.1450670014437.JavaMail.yahoo.ref at mail.yahoo.com
> <mailto:1702908944.1561022.1450670014437.JavaMail.yahoo.ref at mail.yahoo.com>>
> Content-Length: 513
> 
> ------=_Part_1561021_133957058.1450670014436
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 7bit
> 
> test mail
> ------=_Part_1561021_133957058.1450670014436
> Content-Type: text/html; charset=UTF-8
> Content-Transfer-Encoding: 7bit
> 
> <html><head></head><body><div style="color:#000; background-color:#fff;
> font-family:garamond, new york, times, serif;font-size:13px"><div
> id="yui_3_16_0_1_1450669984207_2646" dir="ltr">test
> mail</div></div></body></html>
> ------=_Part_1561021_133957058.1450670014436--
> 
> 
> 
> 
> _______________________________________________
> nog mailing list
> nog at bdnog.org
> http://mailman.bdnog.org/mailman/listinfo/nog
> 


More information about the nog mailing list