2
« kdy: 13. 05. 2025, 10:22:20 »
Zdar, nesetkal se někdo s problémem, kdy mu nelze přeložit některý z typů záznamů u konkrétní domény? Řeším podivnou věc - kontroluju SPF záznam domény MAERSK.COM, ale servery vrací SERVFAIL. NS běží na Rocky Linuxu 8.
Nejprve překlad A záznamu - vše OK:
# dig maersk.com @127.0.0.1
; <<>> DiG 9.11.36-RedHat-9.11.36-16.el8_10.4 <<>> maersk.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22313
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: b18c389282d7e3dafe8c96a36822f8dc5353a6a0b1d7efde (good)
;; QUESTION SECTION:
;maersk.com. IN A
;; ANSWER SECTION:
maersk.com. 8 IN A 23.212.110.40
maersk.com. 8 IN A 23.212.110.67
;; AUTHORITY SECTION:
maersk.com. 102135 IN NS a13-67.akam.net.
maersk.com. 102135 IN NS a1-4.akam.net.
;; ADDITIONAL SECTION:
a13-67.akam.net. 100259 IN A 2.22.230.67
a13-67.akam.net. 100259 IN AAAA 2600:1480:800::43
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Út kvě 13 09:46:36 CEST 2025
;; MSG SIZE rcvd: 191
Když chci ale zjistit SPF záznam (TXT record), vrací SERVFAIL:
# dig txt maersk.com @127.0.0.1
; <<>> DiG 9.11.36-RedHat-9.11.36-16.el8_10.4 <<>> txt maersk.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8921
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: c816e12c8f0d074e427f10436822f9df0d0322073fe97294 (good)
;; QUESTION SECTION:
;maersk.com. IN TXT
;; Query time: 63 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Út kvě 13 09:50:55 CEST 2025
;; MSG SIZE rcvd: 67
NS neforwardují požadavky na nadřazené nameservery (třeba od ISP), překládají samy.
Pokud pošlu dotaz ze stejného serveru na jiný svůj NS (stařičký Centos7) nebo na Google 8.8.8.8, odpověď je OK:
# dig txt maersk.com @31.*.*.*
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.36-RedHat-9.11.36-16.el8_10.4 <<>> txt maersk.com @31.*.*.*
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57962
;; flags: qr rd ra; QUERY: 1, ANSWER: 113, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;maersk.com. IN TXT
;; ANSWER SECTION:
maersk.com. 300 IN TXT "c3a926jk5q42fuiloc43b6igfa"
maersk.com. 300 IN TXT "23gr26e6glfrgonddj8em3bcmm"
maersk.com. 300 IN TXT "4njlcf91om7mdimlrj2ehjheen"
maersk.com. 300 IN TXT "smartsheet-site-validation=0pqzhiVD-b8Kv6bPwVT5NX0OvQbZ2mKo"
maersk.com. 300 IN TXT "fv5sb1cfgqkptpbqefqfeneik3"
maersk.com. 300 IN TXT "3rgaome6aidt94tk5sa6rd1bf"
maersk.com. 300 IN TXT "4vu0qrr3isdhakvh1c0ngujilk"
maersk.com. 300 IN TXT "miro-verification=d0b7dde033085c907a3ee9555938b9482de5fc81"
maersk.com. 300 IN TXT "f4ihg4lfrm6pleovtgv5jfsoot"
maersk.com. 300 IN TXT "slljr60q1vu5hfcpfeeev10r35"
maersk.com. 300 IN TXT "3jvq6l55qch4clmam5q79r55ar"
maersk.com. 300 IN TXT "nno6u1pksrb7fpr3qluil2de1p"
maersk.com. 300 IN TXT "5m78ven45842qmgcjuo58ia9qv"
maersk.com. 300 IN TXT "laskcbimv5bfohiu15kdmuj8ha"
maersk.com. 300 IN TXT "9jaoouukfocetp57qvkhqu3be"
maersk.com. 300 IN TXT "1t8m8qmjmh7q2fdilbnq3stc3a"
maersk.com. 300 IN TXT "v=spf1 include:_u.maersk.com._spf.smart.ondmarc.com -all"
...
maersk.com. 300 IN TXT "k88vtkmsohjupk28ktqug3qjng"
maersk.com. 300 IN TXT "3ip3hhu6gom012d6hgc1avf5it"
maersk.com. 300 IN TXT "7h7pd7vvdp8e1n5cf191q2l6l"
;; Query time: 25 msec
;; SERVER: 31.*.*.*#53(31.*.*.*)
;; WHEN: Út kvě 13 09:52:17 CEST 2025
;; MSG SIZE rcvd: 4900
A teď to zajímavé - pokud spustím dig s parametrem +trace, výsledek vidím:
# dig +trace txt maersk.com @127.0.0.1
; <<>> DiG 9.11.36-RedHat-9.11.36-16.el8_10.4 <<>> +trace txt maersk.com @127.0.0.1
;; global options: +cmd
. 444248 IN NS b.root-servers.net.
. 444248 IN NS k.root-servers.net.
. 444248 IN NS l.root-servers.net.
. 444248 IN NS j.root-servers.net.
. 444248 IN NS d.root-servers.net.
. 444248 IN NS f.root-servers.net.
. 444248 IN NS g.root-servers.net.
. 444248 IN NS c.root-servers.net.
. 444248 IN NS e.root-servers.net.
. 444248 IN NS m.root-servers.net.
. 444248 IN NS h.root-servers.net.
. 444248 IN NS a.root-servers.net.
. 444248 IN NS i.root-servers.net.
. 444248 IN RRSIG NS 8 0 518400 20250525050000 20250512040000 53148 . Kg9Q1WjLVgjhEONwpg9EaeQkfMPNSvPUhQgvKPALVaBErLL/evEZGAtX jnbcyEe1HqAp02Frgn8D6thtiYtxULKXN84tioXUEoHSOU1DG4/UGLIh pDoKE4jndnt1yvTdMbmtUHGfbFQtd2kBGiep64NNvB25v555Hipzn6UB u3kNK+8kw1JUes4pKM5/B2HqwAbgwm05Pxe8CFbKYYS5y0JIeOm2jLRL FJUca4e85dqQB3nZkICsfgZoT2fGk8P8eKFEwJ3IzbI2gcj6a1rFU5Yl Y9rHg7389MOLEo8qg1fEypKUjHIkwkPD87gzU9GnNkXPV8KjL0ZChTiO TGcExg==
;; Received 1125 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com. 86400 IN RRSIG DS 8 1 86400 20250526050000 20250513040000 53148 . Dp0LcxfLXhD6VQgirNzg/iICnx8z9rKqVVYAW/MJhNeoBSO5bt9fBPsv EUdgfU8/jrRS/WLTIhGBL90z8joSIqx5oYfRixN9LKCOxc3ztPRWhFCP dvFbKqKOBXmD9MFR/On8EW7/q7IrbTrtxHo8rlQbnPxYR4DMZv58PTOc Yb+QJL/QsYjmBHf98YSjOD0eevDOSesogDDnjYcRXnHyupPNBkneqTHL 3GsljoGdnHqLA2hkyiE0fxW82RENx9Wh7QywlWRJVVOJtTXFj+A8Toyg HaVo8yMowRsryXPXxWOyrekK5BGtbUGed/ZLDKWBrRQYIDPR5G3i1n2C +0euYA==
;; Received 1170 bytes from 192.5.5.241#53(f.root-servers.net) in 9 ms
maersk.com. 172800 IN NS a1-4.akam.net.
maersk.com. 172800 IN NS a13-67.akam.net.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN NSEC3 1 1 0 - CK0Q3UDG8CEKKAE7RUKPGCT1DVSSH8LL NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN RRSIG NSEC3 13 2 900 20250519002553 20250511231553 40097 com. NOeqphUbX16MCmxDdxMXE6EWw5cL8XLew9A9HD7uzbCOkY0bc9o370qu B1YdoAuaxu8yWIvjWMke6qX+JZ4wbw==
RP8B5JHLQIF5MK30O2NKV8B4C6DUFLR0.com. 900 IN NSEC3 1 1 0 - RP8BIL3RTBILIIRIV79K16FFMMKM7F2Q NS DS RRSIG
RP8B5JHLQIF5MK30O2NKV8B4C6DUFLR0.com. 900 IN RRSIG NSEC3 13 2 900 20250518013457 20250511002457 40097 com. NIn01uQGz7m8nazv3pYsg3E+hYQzFPMuTnx/0PhGCYEsF9uitpf0wM31 P+2LHpXAghz5HKOmfIVpHhKumBHbcA==
;; Received 444 bytes from 192.33.14.30#53(b.gtld-servers.net) in 9 ms
maersk.com. 300 IN TXT "pn4d8s2vlcgqjenjkcgk876nej"
maersk.com. 300 IN TXT "qtbj2g1arb36ilofp94bh4h1c3"
maersk.com. 300 IN TXT "onetrust-domain-verification=f85c433a671d4368b18d444638261e66"
maersk.com. 300 IN TXT "jel89og4lac0skdf9qrk66addp"
maersk.com. 300 IN TXT "bqn60jp6891lipmt7v6nktgbd6"
maersk.com. 300 IN TXT "6h6qq9escdu6pdi67706r8iplv"
maersk.com. 300 IN TXT "nu3ao59nh1c4v9m46b4j6mc6n3"
maersk.com. 300 IN TXT "mf1kd3asueihfti46dl1c88d3a"
maersk.com. 300 IN TXT "n93fcaaoksjbr61gb39ljmveef"
maersk.com. 300 IN TXT "gkpog1gb3ahdfqo6lrh4n2u93p"
maersk.com. 300 IN TXT "ssa8a3l8m90temgvmpthlbr70f"
maersk.com. 300 IN TXT "k88vtkmsohjupk28ktqug3qjng"
maersk.com. 300 IN TXT "81jedev5eaaeutebu9435nr6si"
maersk.com. 300 IN TXT "492gcbqdarq132p0us0vb1pd44"
maersk.com. 300 IN TXT "b7dr9949doeicc0alt5dhnjrje"
maersk.com. 300 IN TXT "9ofkt047fr6i4uggeu08blbiro"
maersk.com. 300 IN TXT "p45qecp0k3hj0sea5lffco316l"
maersk.com. 300 IN TXT "laskcbimv5bfohiu15kdmuj8ha"
maersk.com. 300 IN TXT "mongodb-site-verification=ZQd4t5sozp9FAyv9IRVRUTftEFoxwJhl"
maersk.com. 300 IN TXT "3lhg76k896hm47rf3ic7i0pho4"
maersk.com. 300 IN TXT "g55c0bq29ik43bhug65edoariv"
maersk.com. 300 IN TXT "aje5b2oev60oii104dd85qg2g"
maersk.com. 300 IN TXT "s46ic6pe2ok4trbqp3gcsoe50f"
maersk.com. 300 IN TXT "dimsnci884tg75jivtrs4p4of3"
maersk.com. 300 IN TXT "374etrmoiqn99ln98upk0fca5q"
maersk.com. 300 IN TXT "lq2ab1kh666i3orqgah654e333"
maersk.com. 300 IN TXT "j3kv5n8qm2nc0m21r9aj9ujvh7"
maersk.com. 300 IN TXT "apple-domain-verification=HkWSufb_CogGVVxCuByRVGuMblR1sEaXuHQuJu5Xo5g"
maersk.com. 300 IN TXT "apple-domain-verification=2rnDCx91XO0PqJl5qLEoTImq1IxAmfTYk8oYENNnISw"
maersk.com. 300 IN TXT "mongodb-site-verification=xz5kyrhatFlXE6KTw8YjbRUwEpcBIMNn"
maersk.com. 300 IN TXT "1t8m8qmjmh7q2fdilbnq3stc3a"
maersk.com. 300 IN TXT "9ia8smovvtikh3fcblqonl1pjo"
maersk.com. 300 IN TXT "cavndqlrcta51qdq398j30qd25"
maersk.com. 300 IN TXT "c3a926jk5q42fuiloc43b6igfa"
maersk.com. 300 IN TXT "google-site-verification=lZm7QwNROkT-2o3pRjKIO1r7fQMr6vetbxRLWA7NN2g"
maersk.com. 300 IN TXT "puso8g93q9ptavso172dgi90nh"
maersk.com. 300 IN TXT "mrh4mta9alh2c943eis5l7v371"
maersk.com. 300 IN TXT "msfpkey=6x7vn6kmlfi5cxp8pmjuwy41p"
maersk.com. 300 IN TXT "smartsheet-site-validation=0pqzhiVD-b8Kv6bPwVT5NX0OvQbZ2mKo"
maersk.com. 300 IN TXT "aol922vtcmvnm83dl02650rvfc"
maersk.com. 300 IN TXT "kcitk7gq9rf3sb26agdkqutt8a"
maersk.com. 300 IN TXT "atlassian-domain-verification=XsiRE7vL/wteQab1X/BscwjB/M3Exkmsg0WSgYRPV/YJsz1bRfKaolSza7YH5z3n"
maersk.com. 300 IN TXT "gt03o825cbhtmc9cj3e5l5gnj2"
maersk.com. 300 IN TXT "uv74rsr2dudfjcnq98d7qjbqeg"
maersk.com. 300 IN TXT "hb74d1cu5ls4betiap7nl2cjim"
maersk.com. 300 IN TXT "rgpazewpmlit001routingci"
maersk.com. 300 IN TXT "xr5v454q13vjzrgxtfgfvjvjx6j0c830"
maersk.com. 300 IN TXT "ie0kss9gsqoroqmchudfdd9rhc"
maersk.com. 300 IN TXT "6tf23eu70hd5a9kcite7khb7vp"
maersk.com. 300 IN TXT "fv5sb1cfgqkptpbqefqfeneik3"
maersk.com. 300 IN TXT "bgihg7vijekmoqi4i337vnvh7j"
maersk.com. 300 IN TXT "77serhlq2vj1tiudga1buc7hte"
maersk.com. 300 IN TXT "mvpiu453h4hctsovdp7v727mvn"
maersk.com. 300 IN TXT "kgepqfogbs65m9tovu8k72gr9g"
maersk.com. 300 IN TXT "du2l05h268aa0q6kktuf6qp03d"
maersk.com. 300 IN TXT "dlfiofkttimaqh7ugilm414iht"
maersk.com. 300 IN TXT "n8gt0aeu985jlabeub9k7hpgco"
maersk.com. 300 IN TXT "65bp75bftmvkatlnatkr5eiirr"
maersk.com. 300 IN TXT "m4uaoena4v0lnadd6bvbf67rlv"
maersk.com. 300 IN TXT "f4ihg4lfrm6pleovtgv5jfsoot"
maersk.com. 300 IN TXT "87li7i0f9laenppra4punqor1s"
maersk.com. 300 IN TXT "4njlcf91om7mdimlrj2ehjheen"
maersk.com. 300 IN TXT "l744hgr61cfvbl50tnapsknmha"
maersk.com. 300 IN TXT "miro-verification=d0b7dde033085c907a3ee9555938b9482de5fc81"
maersk.com. 300 IN TXT "10btj73q3evdis5lnpfc9ksj3q"
maersk.com. 300 IN TXT "ddv70olmh6r5kk5vqp2rdkrcb2"
maersk.com. 300 IN TXT "aadhdmh7a3tdk2ikgoe6lha8ku"
maersk.com. 300 IN TXT "fbust4a8vmoauersj2fodfl7n7"
maersk.com. 300 IN TXT "550jadoecaudege2clr01vuusg"
maersk.com. 300 IN TXT "tskbji449m7fiqma498i15kotp"
maersk.com. 300 IN TXT "bnpt3gm9ccavr1k89ll70ia3hr"
maersk.com. 300 IN TXT "slljr60q1vu5hfcpfeeev10r35"
maersk.com. 300 IN TXT "nno6u1pksrb7fpr3qluil2de1p"
maersk.com. 300 IN TXT "3jvq6l55qch4clmam5q79r55ar"
maersk.com. 300 IN TXT "asv=2008907196855064eea2dadbb42409da"
maersk.com. 300 IN TXT "rgpazewpmlit001central"
maersk.com. 300 IN TXT "sdlclttmj0q1sohnseehass3ap"
maersk.com. 300 IN TXT "uj8l0jt58el1pcsh96fdis3qvv"
maersk.com. 300 IN TXT "78rvlkvno0ca5rj6iau3snp1i"
maersk.com. 300 IN TXT "7h7pd7vvdp8e1n5cf191q2l6l"
maersk.com. 300 IN TXT "3rgaome6aidt94tk5sa6rd1bf"
maersk.com. 300 IN TXT "jo5cqcods1pb8i0q8dl28v5g4v"
maersk.com. 300 IN TXT "3ip3hhu6gom012d6hgc1avf5it"
maersk.com. 300 IN TXT "8a1dtbg5nmfu2hg57j1g99treh"
maersk.com. 300 IN TXT "j0h44o2k3qs4d3ike069b1tut6"
maersk.com. 300 IN TXT "n3049k5qt3tuvbtc9nh9af38gv"
maersk.com. 300 IN TXT "c0l46oeumomil5ov4jl93j1jkl"
maersk.com. 300 IN TXT "asv=d5b13324fb96e4a7da97e74c452b2853"
maersk.com. 300 IN TXT "nr9fn5805ujj1amet8g9uekt6q"
maersk.com. 300 IN TXT "rkkru701l161vlrskovo4prkr2"
maersk.com. 300 IN TXT "5j6v1o63kil0d58odb1d87hvf8"
maersk.com. 300 IN TXT "5m78ven45842qmgcjuo58ia9qv"
maersk.com. 300 IN TXT "v=spf1 include:_u.maersk.com._spf.smart.ondmarc.com -all"
maersk.com. 300 IN TXT "eeo6mo5d1hmeugn679r0oiv0ng"
maersk.com. 300 IN TXT "1qjv56kklr7i53sqeit7coaovl"
maersk.com. 300 IN TXT "qd1rr3fpf7p4tcm7vn8og5dkp4"
maersk.com. 300 IN TXT "mqm7nh8nu2o5effgqff0s89p16"
maersk.com. 300 IN TXT "mkdbsvfm5e5rkksbvj15soa0pg"
maersk.com. 300 IN TXT "ou1d5buo3ttr1bb9hedsnjei8j"
maersk.com. 300 IN TXT "23gr26e6glfrgonddj8em3bcmm"
maersk.com. 300 IN TXT "148mriu5esgcfoa0sp5dgvb0d9"
maersk.com. 300 IN TXT "id9hs4uof4l1p0rmp1hj1139st"
maersk.com. 300 IN TXT "o9u4lfg02cbgpmbm1r1533rjbi"
maersk.com. 300 IN TXT "v6nego07mskrncv0b1cj091l8r"
maersk.com. 300 IN TXT "ch9lshqqn2tv3jtq7kkqged6tk"
maersk.com. 300 IN TXT "s4vnm53kct54n01el1id0mdlr8"
maersk.com. 300 IN TXT "o0he05s5405c4o623t7173ssrq"
maersk.com. 300 IN TXT "google-site-verification=t3STSojcNOQI9Gcls4weAlg7gr-8aBkW_mCXzI7FZqE"
maersk.com. 300 IN TXT "s5ljpv25iufsep78hg0uof8mr5"
maersk.com. 300 IN TXT "9jaoouukfocetp57qvkhqu3be"
maersk.com. 300 IN TXT "bv8psrq20vnnt4dvn73ue73m3k"
maersk.com. 300 IN TXT "9kbe7dtbn7rbjdsvrrhv6436ut"
maersk.com. 300 IN TXT "4vu0qrr3isdhakvh1c0ngujilk"
;; Received 4900 bytes from 193.108.91.4#53(a1-4.akam.net) in 40 ms
Díky špatnému překladu SPF nám MAERSK.COM jaksi nemůže doručit nějaké notice e-maily...
Zobrazit příspěvky
Třeba to zkusím v týdnu.
