
Comments (13)

emersion commented on May 26, 2024

Hm, I don't see anywhere in the RFC where CNAME lookups are mentioned.

from go-msgauth.

shroff commented on May 26, 2024

True, I was surprised when I saw that too, but it looks like at least MailChimp and SendGrid give instructions for setting up DKIM using CNAME.

And it looks like there is no consensus between the different implementations of dns resolution providers (libdns, libbind9, or whatever else is causing the difference on the two different setups).

The question is - how do you weigh sticking to the spec vs what is happening in practice?

AGWA commented on May 26, 2024

The problem here is not the CNAME - nslookup -type=txt s1._domainkey.namecheap.com on my Debian Bookworm system returns the TXT record, as does net.LookupTXT("s1._domainkey.namecheap.com"). The DKIM RFC does not need to mention CNAMEs, because RFC 1034 already says that a TXT lookup will follow CNAMEs.

The problem is that your server is having some trouble contacting namecheap.com's DNS servers:

;; Connection to xxx#53(xxx) for s1._domainkey.namecheap.com failed: timed out.
;; Connection to xxx#53(xxx) for s1._domainkey.namecheap.com failed: timed out.
;; Connection to xxx#53(xxx) for s1._domainkey.namecheap.com failed: timed out.
;; Connection to xxx#53(xxx) for s1._domainkey.namecheap.com failed: timed out.
;; Connection to xxx#53(xxx) for s1._domainkey.namecheap.com failed: timed out.

shroff commented on May 26, 2024

That's not the issue

maddy@frodo:~$ nslookup -type=cname s1._domainkey.namecheap.com
Server:		xxx
Address:	xxx#53

Non-authoritative answer:
s1._domainkey.namecheap.com	canonical name = s1.domainkey.u1828068.wl069.sendgrid.net.

Authoritative answers can be found from:
namecheap.com	nameserver = edns1.registrar-servers.com.
namecheap.com	nameserver = edns2.registrar-servers.com.
namecheap.com	nameserver = edns4.ultradns.biz.
namecheap.com	nameserver = edns4.ultradns.com.
namecheap.com	nameserver = edns4.ultradns.net.
namecheap.com	nameserver = edns4.ultradns.org.

emersion commented on May 26, 2024

What is the exact error returned by go-msgauth?

AGWA commented on May 26, 2024

Then the problem is likely contacting sendgrid.net's servers. Try nslookup -type=txt s1.domainkey.u1828068.wl069.sendgrid.net

shroff commented on May 26, 2024

key unavailable

shroff commented on May 26, 2024

> Then the problem is likely contacting sendgrid.net's servers. Try nslookup -type=txt s1.domainkey.u1828068.wl069.sendgrid.net

Already tried that

maddy@frodo:~$ nslookup -type=txt s1.domainkey.u1828068.wl069.sendgrid.net.
Server:		xxx
Address:	xxx#53

Non-authoritative answer:
s1.domainkey.u1828068.wl069.sendgrid.net	text = "k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EJ2WbK3G12fhP8hlHBTABlvdbKePJXwux+sjGXRnnoVdGAaw9q9D96qeW3uWqAbBSyPB06w4zTeK1qi7Ar+rBC91zKEiuoi6Rbd8xkDBG1Emo8RMhZjOHer5xl0TobynvYy6J4F/ge4OgA17nNDfc7n2Xg+OOKHVY4dVZfdgNR29eGraxD8X0E2pMBdNgtqKvt6S" "4irlnEuhvko+Ls3XqBicTnM30QO4ffyIJWlUqHEwVjBUHKXV+/sTif8UecWw2m9uLYlPbeNBAjMcRtmKYC+tKT39laA2mtPuQub9LHtgzkmAXqE9D7uvgc8gEoUgdvQyefKClRR/rKomB9CeQIDAQAB"

AGWA commented on May 26, 2024

Well, you're clearly having trouble contacting something as indicated by the "timed out" errors from nslookup, but it's hard to know because you're redacting the error messages. You still haven't provided the full error message from go-msgauth. It should look something like:

dkim: key unavailable: lookup s1._domainkey.namecheap.com on 169.254.169.254:53: dial udp 169.254.169.254:53: connect: no route to host

shroff commented on May 26, 2024

key unavailable: lookup s1._domainkey.namecheap.com on [2a01:4ff:ff00::add:2]:53: read udp [fd00::249f:bfff:fe7a:72e6]:48573-\u003e[2a01:4ff:ff00::add:2]:53: i/o timeout

Already tried the following:

maddy@frodo:~$ nslookup -type=cname s1._domainkey.namecheap.com 2a01:4ff:ff00::add:2
Server:		2a01:4ff:ff00::add:2
Address:	2a01:4ff:ff00::add:2#53

Non-authoritative answer:
s1._domainkey.namecheap.com	canonical name = s1.domainkey.u1828068.wl069.sendgrid.net.

Authoritative answers can be found from:
namecheap.com	nameserver = edns4.ultradns.biz.
namecheap.com	nameserver = edns4.ultradns.com.
namecheap.com	nameserver = edns4.ultradns.net.
namecheap.com	nameserver = edns4.ultradns.org.
namecheap.com	nameserver = edns1.registrar-servers.com.
namecheap.com	nameserver = edns2.registrar-servers.com.

maddy@frodo:~$ nslookup -type=txt s1._domainkey.namecheap.com 2a01:4ff:ff00::add:2
;; communications error to 2a01:4ff:ff00::add:2#53: timed out
;; communications error to 2a01:4ff:ff00::add:2#53: timed out
;; communications error to 2a01:4ff:ff00::add:2#53: timed out
;; no servers could be reached

emersion commented on May 26, 2024

This sounds like an issue with the DNS server, not with go-msgauth. The following program fails on the Go playground, but succeeds locally for me: https://go.dev/play/p/MGIIpQS_oix

shroff commented on May 26, 2024

I tried a similar example locally and on the server and got the same result as you - local success and remote failure. Looks like the problem is with the local resolver and not the DNS server, since using 1.1.1.1 as the nslookup server also fails.

You're right that this issue isn't related to go-msgauth. I mentioned this in the issue description, but I was hoping to try to figure out what exactly is going on because this is quite a strange and unexpected issue.

Anyway, thanks for your help, and for yours @AGWA. I'll try some more things and report if I have any success.

shroff commented on May 26, 2024

Okay, got it.

;; Truncated, retrying in TCP mode.

My nftables config is pretty conservative, and has a whitelist of outbound tcp ports which did not include 53.

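The failure mode found in the last comment, reproduced offline with Go's resolver as an added example (not code from the thread or from go-msgauth): the first reply is truncated, the resolver retries over TCP, and the lookup fails once TCP to port 53 is refused. The helper names `serve` and `lookupDKIM`, the name `s1._domainkey.example.test.` and the TXT value are constructed; both legs run over in-memory `net.Pipe` connections, and the blocked port is modelled as an immediate dial error rather than a timeout.

```go
package main

import (
	"context"
	"fmt"
	"net"
)

// serve answers one length-prefixed DNS query on c: truncated (TC=1) with no
// answer on the "udp" leg, a constructed TXT record on the "tcp" leg.
func serve(c net.Conn, tcp bool) {
	defer c.Close()
	buf := make([]byte, 1500)
	n, err := c.Read(buf) // net.Pipe hands over the resolver's single Write whole
	if err != nil || n < 19 {
		return
	}
	q, end := buf[2:n], 12 // skip the 2-byte length prefix
	for q[end] != 0 {      // walk the labels of the question name
		end += int(q[end]) + 1
	}
	r := append([]byte{0, 0}, q[:end+5]...)                   // prefix + header + question
	copy(r[4:14], []byte{0x83, 0x80, 0, 1, 0, 0, 0, 0, 0, 0}) // QR|TC|RD, RA, QDCOUNT=1
	if tcp {
		txt := "v=DKIM1; k=rsa; p=CONSTRUCTED"
		r[4], r[9] = 0x81, 1 // clear TC, ANCOUNT=1
		r = append(r, 0xc0, 12, 0, 16, 0, 1, 0, 0, 0, 60, 0, byte(len(txt)+1), byte(len(txt)))
		r = append(r, txt...)
	}
	r[0], r[1] = byte((len(r)-2)>>8), byte(len(r)-2)
	c.Write(r)
}

// lookupDKIM resolves name via the stub; allowTCP=false models an egress filter lacking TCP/53.
func lookupDKIM(name string, allowTCP bool) ([]string, error) {
	r := &net.Resolver{PreferGo: true, Dial: func(_ context.Context, network, _ string) (net.Conn, error) {
		if network == "tcp" && !allowTCP {
			return nil, fmt.Errorf("outbound tcp/53 not permitted")
		}
		client, server := net.Pipe()
		go serve(server, network == "tcp")
		return client, nil
	}}
	return r.LookupTXT(context.Background(), name)
}

func main() {
	fmt.Println(lookupDKIM("s1._domainkey.example.test.", true))
	fmt.Println(lookupDKIM("s1._domainkey.example.test.", false))
}
```

With TCP allowed the lookup returns the TXT record; with it refused the same name fails, even though the small, untruncated replies still get through.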
