Community discussions

MikroTik App
 
n1kt0
just joined
Topic Author
Posts: 8
Joined: Sun Dec 07, 2014 9:44 pm

Different DNS TXT answers.

Fri Jul 10, 2020 4:08 pm

Hello.

Maybe I don’t understand something.
Trying to get domainkey on my server.

192.168.6.1 - Mikrotik RB760iGS

routerboard
routerboard: yes
board-name: hEX S
model: RB760iGS
serial-number: A8150A06DE18
firmware-type: mt7621L
factory-firmware: 6.43.10
current-firmware: 6.46.1
upgrade-firmware: 6.47

package 6.47

dig mail2._domainkey.mail.ru TXT @192.168.6.1
;; ANSWER SECTION:
mail2._domainkey.mail.ru. 429   IN      TXT     "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN"

dig mail2._domainkey.mail.ru TXT @8.8.8.8
;; ANSWER SECTION:
mail2._domainkey.mail.ru. 284   IN      TXT     "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN" "ADCBiQKBgQC8msGcERt9i1AqEs6Dl5n0btBDj4W3IjzNg1xA" "ExTn1Wb7wjRk9ed8oJ6Xnxn2jSYwbt3G65lW8LK/8vVdx2ar" "FexHgKmOXT5RKIeiYFkHmLEtycrRkyJHr6n7rsjwlFSayXnx" "rM0xbum3oHXgNJUI1XQXJNoQPmAXoMCbi2yB7QIDAQAB"
Is it normal that the answers are different?
 
Sob
Forum Guru
Forum Guru
Posts: 6111
Joined: Mon Apr 20, 2009 9:11 pm

Re: Different DNS TXT answers.

Fri Jul 10, 2020 5:03 pm

No. And there's definitely something weird. This exact query works fine with older RouterOS versions. I don't have 6.47 anymore, but with 6.47.1 and 6.48beta it fails completely. Packet sniffer shows that RouterOS sends query to upstream resolver, but ignores received answer and reports server failure to client.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
n1kt0
just joined
Topic Author
Posts: 8
Joined: Sun Dec 07, 2014 9:44 pm

Re: Different DNS TXT answers.

Fri Jul 10, 2020 6:26 pm

Hello.
Sob, thanks for the answer.

Yes, I updated the firmware a week ago and found that my mail server began sending letters from mail.ru to spam.
This has not happened before.

X-Spam-Status: Yes, score=9.811 required=4 tests=[BAYES_00=-1.9,
DKIM_INVALID=0.1, DKIM_SIGNED=0.1, DMARC_FAIL_REJECT=9,
FREEMAIL_FROM=0.001, GB_FREEMAIL_DISPTO=0.499, HTML_MESSAGE=0.001,
RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001,
SPOOFED_FREEMAIL=1.999, SURBL_BLOCKED=0.001, T_SPF_TEMPERROR=0.01,

Authentication-Results: mail.test.com (amavisd-new); dkim=neutral
reason="invalid (public key: OpenSSL error: too long)"
header.d=mail.ru

I reconfigured the mail server to public DNS and everything began to work correctly.

It is strange that no one else has discovered such a situation.
 
Sob
Forum Guru
Forum Guru
Posts: 6111
Joined: Mon Apr 20, 2009 9:11 pm

Re: Different DNS TXT answers.

Fri Jul 10, 2020 6:58 pm

It's a bug. I reported it in 6.48beta thread, so it should get noticed and hopefully fixed soon.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.

Who is online

Users browsing this forum: SwaggerRO and 52 guests