[bdNOG] Yahoo Mail can't communicate with my domain servers

Philip Smith philip at nsrc.org
Wed Dec 30 04:29:25 BDT 2015


Hi Jasim,

Glad to hear that you managed to track the problem down.

I'd love to know what Bharti's reasoning is for blocking DNS traffic.
I'm struggling to think of one myself right now. Hopefully when they get
back to you they might explain why...

Best wishes!

philip
--

Jasim Alam wrote on 27/12/2015 07:31 :
> Dear Philip,
> 
> That worked like magic! We rerouted the traffic via TATA [AS6453] and
> everyone can resolve our DNS now.
> https://www.whatsmydns.net/#A/btraccl.net
> 
> Apparently Bharti Airtel [AS 9498] was filtering our DNS traffic. We
> are currently pursuing an answer from Bharti. I will let you know if I get
> anything. Hopefully this would be a reference point: if your DNS is
> being resolved in only part of the globe and your traffic passes via
> Bharti, you can point the finger at Bharti.
> 
> Thank you guys a lot (Philip, Brian, Anurag, Shuman and all others) for
> helping to save our adrenaline.
> 
> Thanks to bdNOG for providing such a wonderful platform.
> 
> Regards,
> jasim
> 
> 
> On Saturday, December 26, 2015 4:44 PM, Philip Smith <philip at nsrc.org>
> wrote:
> 
> 
> Hi Jasim,
> 
> I've seen this exact symptom before, in region.
> 
> I've checked in a few places around the Internet. Where the paths to you
> run through Airtel I cannot get any name resolution for btraccl.net.
> Where the paths do not run through Airtel, DNS works just fine.
> 
> Non-airtel path:
> 
> 7  103-16-152-25-noc.bsccl.com (103.16.152.25)  128.800 ms  130.064 ms  130.056 ms
> 8  103-16-152-33-noc.bsccl.com (103.16.152.33)  133.250 ms  133.094 ms  133.268 ms
> 9  103-16-155-26-noc.bsccl.com (103.16.155.26)  154.001 ms  154.018 ms  153.998 ms
> 10  po1-ar1-bn1-dh.equitel.com.bd (103.9.186.66)  133.732 ms  133.706 ms  133.751 ms
> 11  103.9.186.130 (103.9.186.130)  134.851 ms  134.988 ms  135.118 ms
> 12  cp1.btraccl.net (103.9.185.227)  155.304 ms  155.304 ms  155.294 ms
> 
> $ dig btraccl.net a
> 
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.4 <<>> btraccl.net a
> ;; global options:  printcmd
> ;; Got answer:
> 
> btraccl.net.        14400    IN    A    103.9.185.227
> 
> 
> Airtel path:
> 
> 7  9498.hkg.equinix.com (119.27.63.26)  153.907 ms  151.835 ms  152.576 ms
> 8  182.79.234.238 (182.79.234.238)  217.081 ms 182.79.234.201 (182.79.234.201)  218.547 ms 182.79.247.178 (182.79.247.178)  218.766 ms
> 9  aes-static-190.137.144.59.airtel.in (59.144.137.190)  270.817 ms  265.320 ms  264.935 ms
> 10  103.7.249.110 (103.7.249.110)  249.120 ms  248.193 ms  247.767 ms
> 11  103.9.186.66 (103.9.186.66)  267.391 ms  265.746 ms  265.328 ms
> 12  103.9.186.130 (103.9.186.130)  273.015 ms  271.443 ms  271.502 ms
> 13  103.9.185.229 (103.9.185.229)  264.746 ms  263.285 ms  263.443 ms
> 
> $ dig btraccl.net a
> 
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.5 <<>> btraccl.net a
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> 
> This is going to be hard for you to sort directly though - you'll need
> to ask your upstream (Equitel Communication Ltd) to talk to Fiber at Home
> who get transit from Airtel.
> 
> The way to check this is to ask Equitel to shut down their link to
> Fiber at Home for a short period, let BGP reroute you exclusively onto
> the BSCCL link (Equitel's other upstream), and then check your DNS from
> various spots around the globe again.
> 
> 
> Note, I could be wrong, but this symptom was exactly what I saw a few
> months back, and it took the operator concerned almost 2 months of
> frustration to sort. Turns out Airtel were filtering DNS on their link -
> it took quite a bit of escalation to sort, and no reasoning was offered
> by Airtel either. (Maybe someone from Airtel is on the list here and can
> help?)
> 
> philip
> --
> 
> Jasim Alam wrote on 23/12/2015 08:53 :
>> Hi,
>>
>> For the last couple of days, mail sent from Yahoo Mail to my domain
>> (btraccl.net) has been bouncing back; please see the forwarded mail.
>> Yahoo is saying they can't find my A or MX record. But mxtoolbox and the
>> Google tool say there is nothing wrong with my DNS configuration.
>>
>> http://mxtoolbox.com/domain/btraccl.net/
>> https://toolbox.googleapps.com/apps/dig/#A/btraccl.net
>> https://toolbox.googleapps.com/apps/dig/#MX/btraccl.net
>>
>> After further digging, I found that my DNS is resolved from some
>> locations and not from others.
>>
>> https://www.whatsmydns.net/#A/btraccl.net
>> https://dnschecker.org/#A/btraccl.net
>>
>> https://www.nexcess.net/resources/tools/global-dns-checker/?h=btraccl.net&t=A
>>
>>
>> Same for online port scanners: some online port scanners can open my DNS
>> server's port 53, some can't.
>>
>>
>> ----------------------------------------
>> [Port Scan]
>>
>> # from local network
>>
>> nmap 103.9.185.229
>>
>> Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-22 12:02 BDT
>> Nmap scan report for 103.9.185.229
>> Host is up (0.0054s latency).
>> Not shown: 993 closed ports
>> PORT STATE SERVICE
>> 22/tcp open ssh
>> 25/tcp open smtp
>> 53/tcp open domain
>> 80/tcp open http
>> 465/tcp open smtps
>> 587/tcp open submission
>> 3306/tcp open mysql
>>
>> Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds
>>
>>
>> # https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap
>>
>> Starting Nmap 6.00 ( http://nmap.org ) at 2015-12-22 08:14 EET
>> Initiating Ping Scan at 08:14
>> Scanning 103.9.185.229 [4 ports]
>> Completed Ping Scan at 08:14, 0.26s elapsed (1 total hosts)
>> Initiating SYN Stealth Scan at 08:14
>> Scanning 103.9.185.229 [100 ports]
>> Discovered open port 3306/tcp on 103.9.185.229
>> Discovered open port 53/tcp on 103.9.185.229
>> Discovered open port 465/tcp on 103.9.185.229
>> Discovered open port 25/tcp on 103.9.185.229
>> Discovered open port 587/tcp on 103.9.185.229
>> Discovered open port 22/tcp on 103.9.185.229
>> Completed SYN Stealth Scan at 08:14, 1.66s elapsed (100 total ports)
>>
>>
>>
>> http://www.ipfingerprints.com/portscan.php
>>
>> 103.9.185.229 53/tcp open  domain
>> 103.9.185.230 53/tcp open  domain
>>
>>
>> http://ports.my-addr.com/check-all-open-ports-online.php
>>
>> 103.9.185.229:53 = success
>> 103.9.185.230:53 = success
>>
>>
>>
>> http://mxtoolbox.com/SuperTool.aspx?action=scan%3a103.9.185.229&run=toolpage
>> 53  dns  Open  266
>>
>> http://mxtoolbox.com/SuperTool.aspx?action=scan%3a103.9.185.230&run=toolpage
>> 53  dns  Open  281
>>
>>
>>
>> http://ping.eu/port-chk/
>>
>> 103.9.185.229:53 port is closed
>> 103.9.185.230:53 port is closed
>> 103.9.185.229:465 port is open
>> 103.9.185.229:25 port is open
>> 103.9.185.229:587 port is open
>> 103.9.185.229:3306 port is open
>>
>> ...............................................
>>
>> all other ports seem open
>>
>>
>>
>> http://www.t1shopper.com/tools/port-scan/
>>
>> 103.9.185.229 isn't responding on port 53 (domain).
>> 103.9.185.230 isn't responding on port 53 (domain).
>> 103.9.185.229 is responding on port 25 (smtp).
>> ............................................................
>> same here
>>
>>
>>
>> http://www.yougetsignal.com/tools/open-ports/
>>
>> Port 53 is closed on 103.9.185.229.
>> Port 53 is closed on 103.9.185.230.
>> Port 25 is open on 103.9.185.229.
>> ----------------------------------
>> same here
>>
>>
>> ----------------------------------------
>>
>>
>> This leaves me nowhere, as there are no host/network ACLs filtering the
>> DNS traffic. The ISP/IIG/ITC are telling me the same.
>>
>> Is this a global routing issue? Has anyone experienced such
>> scenarios? Please suggest a solution for this.
>>
>>
>>
>> Regards,
>> Jasim
>>
>>
>>
>>
>> ----------------------------------------
>>
>> On Monday, December 21, 2015 10:17 AM, "MAILER-DAEMON at yahoo.com"
>> <MAILER-DAEMON at yahoo.com> wrote:
>>
>>
>> Sorry, we were unable to deliver your message to the following address.
>>
>> <jasim.alam at btraccl.net>:
>> No MX or A records for btraccl.net
>>
>> --- Below this line is a copy of the message.
>>
>> Received: from [66.196.81.174] by nm26.bullet.mail.bf1.yahoo.com with
>> NNFMP; 21 Dec 2015 03:53:35 -0000
>> Received: from [98.139.212.217] by tm20.bullet.mail.bf1.yahoo.com with
>> NNFMP; 21 Dec 2015 03:53:35 -0000
>> Received: from [127.0.0.1] by omp1026.mail.bf1.yahoo.com with NNFMP; 21
>> Dec 2015 03:53:35 -0000
>> X-Yahoo-Newman-Property: ymail-3
>> X-Yahoo-Newman-Id: 458777.42486.bm at omp1026.mail.bf1.yahoo.com
>> Received: by 66.196.80.121; Mon, 21 Dec 2015 03:53:35 +0000
>> Date: Mon, 21 Dec 2015 03:53:34 +0000 (UTC)
>> From: Jasim Alam <jasim21 at ymail.com>
>> Reply-To: Jasim Alam <jasim21 at ymail.com>
>> To: Jasim Alam <jasim.alam at btraccl.net>
>> Message-ID:
>> <1702908944.1561022.1450670014437.JavaMail.yahoo at mail.yahoo.com>
>> Subject: test mail
>> MIME-Version: 1.0
>> Content-Type: multipart/alternative;
>>    boundary="----=_Part_1561021_133957058.1450670014436"
>> References:
>> <1702908944.1561022.1450670014437.JavaMail.yahoo.ref at mail.yahoo.com>
>> Content-Length: 513
>>
>> ------=_Part_1561021_133957058.1450670014436
>> Content-Type: text/plain; charset=UTF-8
>> Content-Transfer-Encoding: 7bit
>>
>> test mail
>> ------=_Part_1561021_133957058.1450670014436
>> Content-Type: text/html; charset=UTF-8
>> Content-Transfer-Encoding: 7bit
>>
>> <html><head></head><body><div style="color:#000; background-color:#fff;
>> font-family:garamond, new york, times, serif;font-size:13px"><div
>> id="yui_3_16_0_1_1450669984207_2646" dir="ltr">test
>> mail</div></div></body></html>
>> ------=_Part_1561021_133957058.1450670014436--
>>
>> _______________________________________________
>> nog mailing list
>> nog at bdnog.org
>> http://mailman.bdnog.org/mailman/listinfo/nog
> 
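
A per-vantage-point check for the symptom in this thread, as an added example that is not from any of the posters: it queries the authoritative server directly over UDP 53, tries a TCP connect to 53, and tries a control port on the same host (the scans above show 25 open). Run it from hosts whose paths do and do not cross the suspected transit and compare the verdicts; the function names and verdict labels are illustrative.

```python
import socket, struct, sys

def build_query(name, qtype=1, txid=0x1234):
    """Minimal RFC 1035 query: 12-byte header + one question (class IN)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags 0: RD clear
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def probe_udp(server, name, port=53, timeout=3.0):
    """Query the server directly: 'answer', 'timeout', 'closed' or 'error'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))      # connected socket surfaces ICMP errors
            s.send(build_query(name))
            data = s.recv(4096)
        except socket.timeout:
            return "timeout"               # dropped silently somewhere on the path
        except ConnectionRefusedError:
            return "closed"                # host reachable, nothing listening
        except OSError:
            return "error"
    ok = len(data) >= 12 and data[:2] == b"\x12\x34" and data[2] & 0x80
    return "answer" if ok else "error"     # ok: our txid echoed, QR bit set

def probe_tcp(server, port, timeout=3.0):
    """TCP connect test: 'open', 'closed' (RST), 'timeout' or 'error'."""
    try:
        with socket.create_connection((server, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        return "error"

def verdict(udp53, tcp53, tcp_control):
    """Interpret one vantage point's three results."""
    if udp53 == "answer" and tcp53 == "open":
        return "dns-ok"
    if tcp_control != "open":
        return "host-unreachable"          # not specific to DNS
    if udp53 == "timeout" and tcp53 in ("timeout", "closed"):
        return "port53-blocked-from-here"  # same host still answers on control port
    return "inconclusive"

if __name__ == "__main__":  # usage: probe.py <server-ip> <zone> <control-port>
    ip, zone, ctl = sys.argv[1], sys.argv[2], int(sys.argv[3])
    r = probe_udp(ip, zone), probe_tcp(ip, 53), probe_tcp(ip, ctl)
    print(ip, zone, r, verdict(*r))
```

A "port53-blocked-from-here" verdict from one vantage point alongside "dns-ok" from another, with no ACL on the server side, matches the path-dependent filtering described in the thread.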

