<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I am cross posting this as it might be a dns issue, but it effects
email directly. And I am quite aware of the 'Great Chinese
Firewall' and realized that may be a large part of the issue.<br>
<br>
LCR's mail filter and mail servers are all in the lcrcomputer.net
domain.<br>
<br>
Recently I moved this domain(lcrcomputer.net) to a registrar that
suports DNSSEC and inserted the DS record for this domain. I
checked DNSSEC via <a class="moz-txt-link-freetext" href="http://dnsviz.net">http://dnsviz.net</a> and
<a class="moz-txt-link-freetext" href="http://dnssec-debugger.verisignlabs.com">http://dnssec-debugger.verisignlabs.com</a>. Both show DNSSEC is
working just fine for lcrcomputer.net.<br>
<br>
However, shortly after that one of my customers stopped receiving
email from one of their clients in China. They just brought that to
my attention and I tried to email the client in China and got this
back:<br>
<o:p><br>
</o:p>For <a href="mailto:robin@medtecs.com.cn"><robin@xxxxx.com.cn></a>,
Site (xxxxx.com.cn/<ipv4 address>) said: 559 sorry , your
helo/ehlo and domain in mail are invalid, you don't connect from
there. (#5.5.9)<o:p></o:p><br>
<br>
Because this started within 24 hours of when I published the DS
record for lcrcomputer.net, I am assuming that this is related.<br>
<br>
Had anyone else run across this? Or do I have something
misconfigured here? I ran with DNSSEC against ISC's lookaside for a
long time and published the necessary DNSSEC records and had no
problem. This started right after I moved the domain registration
and published a DS record for the domain. I had already been
publishing DNSSEC records and they checked out against ISC's
lookaside stuff for quite a while.<br>
<br>
Lyle Giese<br>
LCR Computer Services, Inc.<br>
<br>
</body>
</html>