<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Calibri">Hello everyone,</font></p>
<p><font face="Calibri">This is my first time posting here, and I'm
not sure if it's the right place or not to ask my question. This
is a general DNS question, specifically, I think, SPF.</font></p>
<p><font face="Calibri">(Btw, I do use BIND in my system, so that's
why I'm here.)<br>
</font></p>
<p><font face="Calibri">I host email using SmarterMail, and all 400+
customers either use a regular email client (desktop app/mobile
device) or the webmail interface.</font></p>
<p><font face="Calibri">One particular customer wants to use Gmail
as their email client for sending email from their domain. I
helped set up the settings at Gmail for the SMTP server, and did
the google-site-verification and added <u>include:gmail.com</u>
to the SPF TXT record, and have DKIM and DMARC configured. I
get green lights for the domain from Dmarcian (well, they said I
had a duplicate SPF value, which I have removed).<br>
</font></p>
<p><font face="Calibri">The emails that get sent *do* arrive for
other users on my email server, but *not* to email addresses
off-server, i.e. @live.com<br>
</font></p>
<p><font face="Calibri">I can see the traffic from Gmail in my logs,
and it appears the emails are sent, but they do not arrive.</font></p>
<p><font face="Calibri">Stumped. Any spare brain cells available out
there would be appreciated.<br>
</font></p>
<p><font face="Calibri">Thanks,</font></p>
<p><font face="Calibri">Mik</font><br>
</p>
<pre class="moz-signature" cols="72">Mik Muller, president
Montague WebWorks
20 River Street, Greenfield, MA
413-320-5336
<a class="moz-txt-link-freetext" href="http://MontagueWebWorks.com">http://MontagueWebWorks.com</a>
Powered by ROCKETFUSION</pre>
<div class="moz-cite-prefix">On 1/7/2023 3:11 PM, Anders Löwinger
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:9b321336-4251-34e2-47e4-d320601405f6@abundo.se">
<p>Hi</p>
<p>I have some trouble with the parental-agents. Anyone seen this
before/can give me a clue to get this working?<br>
</p>
<p>Tried with my two recursive resolvers first, then localhost. No
difference.</p>
<p>From the log<br>
</p>
<p><font face="monospace">named[3420650]: zone lowinger.se/IN
(signed): checkds: empty DS response from
2a00:f680:100:1501::32#53<br>
named[3420650]: zone lowinger.se/IN (signed): checkds: empty
DS response from 2a00:f680:10:1501::33#53<br>
named[3428351]: zone lowinger.se/IN (signed): checkds: empty
DS response from 127.0.0.1#53</font></p>
<p><font face="monospace">zone "lowinger.se" {</font></p>
<p><font face="monospace"> type primary;<br>
file "lowinger.se";<br>
dnssec-policy lowinger-policy;<br>
inline-signing yes;<br>
// parental-agents {<br>
// 2a00:f680:100:1501::32;<br>
// 2a00:f680:100:1501::33;<br>
// };<br>
parental-agents { 127.0.0.1; };<br>
};</font><br>
</p>
<p>BIND 9.18.10-1+ubuntu22.04.1+isc+1-Ubuntu (Stable Release)
&lt;id:&gt;<br>
</p>
<p> dig has no problem resolving the DS record.<br>
</p>
<p># dig @127.0.0.1 lowinger.se ds +short<br>
59647 14 2
825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4
BEB071CA<br>
</p>
<p># dig @2a00:f680:100:1501::32 lowinger.se ds +short<br>
59647 14 2
825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4
BEB071CA<br>
</p>
<p># dig @2a00:f680:100:1501::33 lowinger.se ds +short<br>
59647 14 2
825E888C2FAA4F70241467A257C02C66AD5DAFDB818253B7FEB52DA4
BEB071CA<br>
<br>
</p>
<pre class="moz-signature" cols="72">--
Regards / Med vänlig hälsning
Anders Löwinger, CEO, Abundo AB, +46 72 206 0322</pre>
</blockquote>
</body>
</html>