You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Carlos G Mendioroz via users <us...@spamassassin.apache.org> on 2022/09/16 21:05:12 UTC
Askdns problem ?
Hi,
I'm facing a problem with SA, that seems to be related to askdns.
Mail server on Ubuntu 22.04 LTS, spamassassin 3.4.6 via exim4. Local
bind9 DNS server.
Mail received from webex.com does not get SPF checked, which in turn
triggers a local rule:
meta DMARK_REJECT !(DKIM_VALID_AU || SPF_PASS || NO_RELAYS)
Webex does not use DKIM, but it has a kind of complex SPF setup, that
may be ok (not 100% sure, but they are cisco after all ?)
After enabling debug I can see that the TXT query returns 0 RRs:
Sep 16 11:45:39 doors spamd[462278]: askdns: answer received, rcode
NOERROR, query IN/TXT/webex.com, answer has 0 records
while dig has a different idea:
dig -t TXT webex.com
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> -t TXT webex.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56230
;; flags: qr rd ra; QUERY: 1, ANSWER: 26, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: b7c24959678df920010000006324d83008d33f7982f281d1 (good)
;; QUESTION SECTION:
;webex.com. IN TXT
;; ANSWER SECTION:
webex.com. 300 IN TXT
"google-site-verification=qXk-s_bdPaqiuaDN9jJCQjvNyw_hVkxXDhkm-1mZn14"
webex.com. 300 IN TXT "slimtesttxt20170824002"
webex.com. 300 IN TXT
"QuoVadis=c1bf1f71-e21f-4ef5-92d9-3285c488767a"
webex.com. 300 IN TXT
"google-site-verification=BEWshakJYRMouwSQKX3vk5144-qUL1wwUWLU-XtfQ"
webex.com. 300 IN TXT "slimtesttxt20170824001"
webex.com. 300 IN TXT "MS=ms74589643"
webex.com. 300 IN TXT
"google-site-verification=BEWshakJYRMouwSQKX_3vk5_144-qUL1wwUWLU-XtfQ"
webex.com. 300 IN TXT
"identrust_validate=5g4Ebjbv8fCTROWcobqHmDRBtTU+zBMHM1AiuGdcCbtd"
webex.com. 300 IN TXT "MS=ms61160488"
webex.com. 300 IN TXT
"QuoVadis=5a740d9e-6664-4d4c-8d87-716da9d530a7"
webex.com. 300 IN TXT "MS=ms67549965"
webex.com. 300 IN TXT
"identrust_validate=08N0ASND+yUGXL08IVK8mdMWNhvz1ZqiXe6WCC5eI2e/"
webex.com. 300 IN TXT "v=spf1
redirect=_spf.webex.com"
webex.com. 300 IN TXT "lqucp0f6u7alqi7kgrjo5vsov5"
webex.com. 300 IN TXT
"QuoVadis=eed4c791-aa21-4b45-8c91-2d83a93af871"
webex.com. 300 IN TXT "lrg2pr6u4ubansuv47jtmmfd3p"
webex.com. 300 IN TXT " ms93683787.msv1.invalid"
webex.com. 300 IN TXT
"amazonses:n3XkGYyvmC8SrhX+CqICjY4eWnyKFwPo6mdHTMsmeu4="
webex.com. 300 IN TXT "9cef3rr776cnjs1cu53q6hrium"
webex.com. 300 IN TXT
"google-site-verification=3NhfQ1u_2ogGy3CA8qlIfFtMlW_nhx-VO85vAhT15a0"
webex.com. 300 IN TXT
"identrust_validate=bCd4oCoacz6pZ8C8/IRU0rItc1avij7uuIRBeMwUxa8T"
webex.com. 300 IN TXT
"google-site-verification=t2i1Swk8XPQDj6Llz_4Uxu3OKL3wfO_aaxYylFmQ8MU"
webex.com. 300 IN TXT "MS=ms93683787"
webex.com. 300 IN TXT
"google-site-verification=Z4Iwv_W8wkGKrlaPKLdcm3C_LDCydAJD6z3L1MAP7DI"
webex.com. 300 IN TXT
"google-site-verification=fHXTAHXgtW5_Dzt4PHZKGF2PAI0r6PEHqmHJbkxo4_k"
webex.com. 300 IN TXT
"google-site-verification=D1PXZV2EBUXGvgJdUWr3cahNprUgckDpzo8MgniDQHk"
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
;; WHEN: Fri Sep 16 17:10:24 -03 2022
;; MSG SIZE rcvd: 1552
which leads me to believe askdns might not support tcp for resolving ?
In any case, help ?
TIA
--
Carlos G Mendioroz <tr...@huapi.ba.ar> LW7 EQI Argentina
Re: Askdns problem ?
Posted by Carlos G Mendioroz via users <us...@spamassassin.apache.org>.
Carlos G Mendioroz via users @ 17/9/2022 15:32 -0300 dixit:
> Paul Stead @ 17/9/2022 15:04 -0300 dixit:
>> I was able to replicate this using an Unbound setup to not respond to
>> UDP messages larger that 1500.
>>
>> In the first instance I'd suggest checking your DNS server setup that
>> it's able to respond to UDP packets larger than ~1552 - 4096 is
>> default on Unbound -
>>
>> server:
>> max-udp-size: 4096
>>
>> I can confirm that AskDNS (and other DNS requests going via
>> async->bgsend_and_start_lookup and resolver) don't fallback to TCP if
>> the truncated bit is set - this is hardcoded in the DnsResolver.pm
>> module. I have had some success in writing a patch for this which I'll
>> submit to BZ after some cleanup.
>>
>> Paul
>
> Thanks.
> I have been digging (pun intended :) and I see that askdns does fall
> back to TCP, but does not try to resolve the redirected SPF domain, I
> don't know if that's because of the number of TXT RRs involved or what.
>
> I've seen a bug
> (https://www.mail-archive.com/search?l=dev@spamassassin.apache.org&q=subject:%22%5C%5BBug+7777%5C%5D+askdns+problem+with+multi%5C-valued+resource+records%22&o=newest)
> related to not using multiple RRs values, but that seems not present on
> 3.4.6.
>
> -Carlos
Hmm, I was wrong, or confused. What I saw was my DNS server activity,
not askdns activity. (i.e. TCP switching because of tuncated answer from
upstream). So after realizing this I upped server UDP size and it works.
Thanks again.
-Carlos
>
>>
>> On Fri, 16 Sept 2022 at 22:05, Carlos G Mendioroz via users
>> <users@spamassassin.apache.org <ma...@spamassassin.apache.org>>
>> wrote:
>>
>> Hi,
>> I'm facing a problem with SA, that seems to be related to askdns.
>>
>> Mail server on Ubuntu 22.04 LTS, spamassassin 3.4.6 via exim4. Local
>> bind9 DNS server.
>>
>> Mail received from webex.com <http://webex.com> does not get SPF
>> checked, which in turn
>> triggers a local rule:
>> meta DMARK_REJECT !(DKIM_VALID_AU || SPF_PASS || NO_RELAYS)
>>
>> Webex does not use DKIM, but it has a kind of complex SPF setup, that
>> may be ok (not 100% sure, but they are cisco after all ?)
>>
>> After enabling debug I can see that the TXT query returns 0 RRs:
>>
>> Sep 16 11:45:39 doors spamd[462278]: askdns: answer received, rcode
>> NOERROR, query IN/TXT/webex.com <http://webex.com>, answer has 0
>> records
>>
>> while dig has a different idea:
>>
>> dig -t TXT webex.com <http://webex.com>
>> ;; Truncated, retrying in TCP mode.
>>
>> ; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> -t TXT webex.com
>> <http://webex.com>
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56230
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 26, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 1232
>> ; COOKIE: b7c24959678df920010000006324d83008d33f7982f281d1 (good)
>> ;; QUESTION SECTION:
>> ;webex.com <http://webex.com>. IN TXT
>>
>> ;; ANSWER SECTION:
>> webex.com <http://webex.com>. 300 IN TXT
>>
>> "google-site-verification=qXk-s_bdPaqiuaDN9jJCQjvNyw_hVkxXDhkm-1mZn14"
>> webex.com <http://webex.com>. 300 IN TXT
>> "slimtesttxt20170824002"
>> webex.com <http://webex.com>. 300 IN TXT
>> "QuoVadis=c1bf1f71-e21f-4ef5-92d9-3285c488767a"
>> webex.com <http://webex.com>. 300 IN TXT
>> "google-site-verification=BEWshakJYRMouwSQKX3vk5144-qUL1wwUWLU-XtfQ"
>> webex.com <http://webex.com>. 300 IN TXT
>> "slimtesttxt20170824001"
>> webex.com <http://webex.com>. 300 IN TXT
>> "MS=ms74589643"
>> webex.com <http://webex.com>. 300 IN TXT
>>
>> "google-site-verification=BEWshakJYRMouwSQKX_3vk5_144-qUL1wwUWLU-XtfQ"
>> webex.com <http://webex.com>. 300 IN TXT
>> "identrust_validate=5g4Ebjbv8fCTROWcobqHmDRBtTU+zBMHM1AiuGdcCbtd"
>> webex.com <http://webex.com>. 300 IN TXT
>> "MS=ms61160488"
>> webex.com <http://webex.com>. 300 IN TXT
>> "QuoVadis=5a740d9e-6664-4d4c-8d87-716da9d530a7"
>> webex.com <http://webex.com>. 300 IN TXT
>> "MS=ms67549965"
>> webex.com <http://webex.com>. 300 IN TXT
>> "identrust_validate=08N0ASND+yUGXL08IVK8mdMWNhvz1ZqiXe6WCC5eI2e/"
>> webex.com <http://webex.com>. 300 IN TXT
>> "v=spf1
>> redirect=_spf.webex.com <http://spf.webex.com>"
>> webex.com <http://webex.com>. 300 IN TXT
>> "lqucp0f6u7alqi7kgrjo5vsov5"
>> webex.com <http://webex.com>. 300 IN TXT
>> "QuoVadis=eed4c791-aa21-4b45-8c91-2d83a93af871"
>> webex.com <http://webex.com>. 300 IN TXT
>> "lrg2pr6u4ubansuv47jtmmfd3p"
>> webex.com <http://webex.com>. 300 IN TXT "
>> ms93683787.msv1.invalid"
>> webex.com <http://webex.com>. 300 IN TXT
>> "amazonses:n3XkGYyvmC8SrhX+CqICjY4eWnyKFwPo6mdHTMsmeu4="
>> webex.com <http://webex.com>. 300 IN TXT
>> "9cef3rr776cnjs1cu53q6hrium"
>> webex.com <http://webex.com>. 300 IN TXT
>>
>> "google-site-verification=3NhfQ1u_2ogGy3CA8qlIfFtMlW_nhx-VO85vAhT15a0"
>> webex.com <http://webex.com>. 300 IN TXT
>> "identrust_validate=bCd4oCoacz6pZ8C8/IRU0rItc1avij7uuIRBeMwUxa8T"
>> webex.com <http://webex.com>. 300 IN TXT
>>
>> "google-site-verification=t2i1Swk8XPQDj6Llz_4Uxu3OKL3wfO_aaxYylFmQ8MU"
>> webex.com <http://webex.com>. 300 IN TXT
>> "MS=ms93683787"
>> webex.com <http://webex.com>. 300 IN TXT
>>
>> "google-site-verification=Z4Iwv_W8wkGKrlaPKLdcm3C_LDCydAJD6z3L1MAP7DI"
>> webex.com <http://webex.com>. 300 IN TXT
>>
>> "google-site-verification=fHXTAHXgtW5_Dzt4PHZKGF2PAI0r6PEHqmHJbkxo4_k"
>> webex.com <http://webex.com>. 300 IN TXT
>>
>> "google-site-verification=D1PXZV2EBUXGvgJdUWr3cahNprUgckDpzo8MgniDQHk"
>>
>> ;; Query time: 0 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
>> ;; WHEN: Fri Sep 16 17:10:24 -03 2022
>> ;; MSG SIZE rcvd: 1552
>>
>> which leads me to believe askdns might not support tcp for
>> resolving ?
>> In any case, help ?
>> TIA
>> -- Carlos G Mendioroz <tron@huapi.ba.ar
>> <ma...@huapi.ba.ar>> LW7 EQI Argentina
>>
>
--
Carlos G Mendioroz <tr...@huapi.ba.ar> LW7 EQI Argentina
Re: Askdns problem ?
Posted by Carlos G Mendioroz via users <us...@spamassassin.apache.org>.
Paul Stead @ 17/9/2022 15:04 -0300 dixit:
> I was able to replicate this using an Unbound setup to not respond to
> UDP messages larger that 1500.
>
> In the first instance I'd suggest checking your DNS server setup that
> it's able to respond to UDP packets larger than ~1552 - 4096 is default
> on Unbound -
>
> server:
> max-udp-size: 4096
>
> I can confirm that AskDNS (and other DNS requests going via
> async->bgsend_and_start_lookup and resolver) don't fallback to TCP if
> the truncated bit is set - this is hardcoded in the DnsResolver.pm
> module. I have had some success in writing a patch for this which I'll
> submit to BZ after some cleanup.
>
> Paul
Thanks.
I have been digging (pun intended :) and I see that askdns does fall
back to TCP, but does not try to resolve the redirected SPF domain, I
don't know if that's because of the number of TXT RRs involved or what.
I've seen a bug
(https://www.mail-archive.com/search?l=dev@spamassassin.apache.org&q=subject:%22%5C%5BBug+7777%5C%5D+askdns+problem+with+multi%5C-valued+resource+records%22&o=newest)
related to not using multiple RRs values, but that seems not present on
3.4.6.
-Carlos
>
> On Fri, 16 Sept 2022 at 22:05, Carlos G Mendioroz via users
> <users@spamassassin.apache.org <ma...@spamassassin.apache.org>>
> wrote:
>
> Hi,
> I'm facing a problem with SA, that seems to be related to askdns.
>
> Mail server on Ubuntu 22.04 LTS, spamassassin 3.4.6 via exim4. Local
> bind9 DNS server.
>
> Mail received from webex.com <http://webex.com> does not get SPF
> checked, which in turn
> triggers a local rule:
> meta DMARK_REJECT !(DKIM_VALID_AU || SPF_PASS || NO_RELAYS)
>
> Webex does not use DKIM, but it has a kind of complex SPF setup, that
> may be ok (not 100% sure, but they are cisco after all ?)
>
> After enabling debug I can see that the TXT query returns 0 RRs:
>
> Sep 16 11:45:39 doors spamd[462278]: askdns: answer received, rcode
> NOERROR, query IN/TXT/webex.com <http://webex.com>, answer has 0 records
>
> while dig has a different idea:
>
> dig -t TXT webex.com <http://webex.com>
> ;; Truncated, retrying in TCP mode.
>
> ; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> -t TXT webex.com
> <http://webex.com>
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56230
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 26, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: b7c24959678df920010000006324d83008d33f7982f281d1 (good)
> ;; QUESTION SECTION:
> ;webex.com <http://webex.com>. IN TXT
>
> ;; ANSWER SECTION:
> webex.com <http://webex.com>. 300 IN TXT
> "google-site-verification=qXk-s_bdPaqiuaDN9jJCQjvNyw_hVkxXDhkm-1mZn14"
> webex.com <http://webex.com>. 300 IN TXT
> "slimtesttxt20170824002"
> webex.com <http://webex.com>. 300 IN TXT
> "QuoVadis=c1bf1f71-e21f-4ef5-92d9-3285c488767a"
> webex.com <http://webex.com>. 300 IN TXT
> "google-site-verification=BEWshakJYRMouwSQKX3vk5144-qUL1wwUWLU-XtfQ"
> webex.com <http://webex.com>. 300 IN TXT
> "slimtesttxt20170824001"
> webex.com <http://webex.com>. 300 IN TXT
> "MS=ms74589643"
> webex.com <http://webex.com>. 300 IN TXT
> "google-site-verification=BEWshakJYRMouwSQKX_3vk5_144-qUL1wwUWLU-XtfQ"
> webex.com <http://webex.com>. 300 IN TXT
> "identrust_validate=5g4Ebjbv8fCTROWcobqHmDRBtTU+zBMHM1AiuGdcCbtd"
> webex.com <http://webex.com>. 300 IN TXT
> "MS=ms61160488"
> webex.com <http://webex.com>. 300 IN TXT
> "QuoVadis=5a740d9e-6664-4d4c-8d87-716da9d530a7"
> webex.com <http://webex.com>. 300 IN TXT
> "MS=ms67549965"
> webex.com <http://webex.com>. 300 IN TXT
> "identrust_validate=08N0ASND+yUGXL08IVK8mdMWNhvz1ZqiXe6WCC5eI2e/"
> webex.com <http://webex.com>. 300 IN TXT
> "v=spf1
> redirect=_spf.webex.com <http://spf.webex.com>"
> webex.com <http://webex.com>. 300 IN TXT
> "lqucp0f6u7alqi7kgrjo5vsov5"
> webex.com <http://webex.com>. 300 IN TXT
> "QuoVadis=eed4c791-aa21-4b45-8c91-2d83a93af871"
> webex.com <http://webex.com>. 300 IN TXT
> "lrg2pr6u4ubansuv47jtmmfd3p"
> webex.com <http://webex.com>. 300 IN TXT "
> ms93683787.msv1.invalid"
> webex.com <http://webex.com>. 300 IN TXT
> "amazonses:n3XkGYyvmC8SrhX+CqICjY4eWnyKFwPo6mdHTMsmeu4="
> webex.com <http://webex.com>. 300 IN TXT
> "9cef3rr776cnjs1cu53q6hrium"
> webex.com <http://webex.com>. 300 IN TXT
> "google-site-verification=3NhfQ1u_2ogGy3CA8qlIfFtMlW_nhx-VO85vAhT15a0"
> webex.com <http://webex.com>. 300 IN TXT
> "identrust_validate=bCd4oCoacz6pZ8C8/IRU0rItc1avij7uuIRBeMwUxa8T"
> webex.com <http://webex.com>. 300 IN TXT
> "google-site-verification=t2i1Swk8XPQDj6Llz_4Uxu3OKL3wfO_aaxYylFmQ8MU"
> webex.com <http://webex.com>. 300 IN TXT
> "MS=ms93683787"
> webex.com <http://webex.com>. 300 IN TXT
> "google-site-verification=Z4Iwv_W8wkGKrlaPKLdcm3C_LDCydAJD6z3L1MAP7DI"
> webex.com <http://webex.com>. 300 IN TXT
> "google-site-verification=fHXTAHXgtW5_Dzt4PHZKGF2PAI0r6PEHqmHJbkxo4_k"
> webex.com <http://webex.com>. 300 IN TXT
> "google-site-verification=D1PXZV2EBUXGvgJdUWr3cahNprUgckDpzo8MgniDQHk"
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
> ;; WHEN: Fri Sep 16 17:10:24 -03 2022
> ;; MSG SIZE rcvd: 1552
>
> which leads me to believe askdns might not support tcp for resolving ?
> In any case, help ?
> TIA
> --
> Carlos G Mendioroz <tron@huapi.ba.ar <ma...@huapi.ba.ar>>
> LW7 EQI Argentina
>
--
Carlos G Mendioroz <tr...@huapi.ba.ar> LW7 EQI Argentina
Re: Askdns problem ?
Posted by Paul Stead <pa...@gmail.com>.
I was able to replicate this using an Unbound setup to not respond to UDP
messages larger that 1500.
In the first instance I'd suggest checking your DNS server setup that it's
able to respond to UDP packets larger than ~1552 - 4096 is default on
Unbound -
server:
max-udp-size: 4096
I can confirm that AskDNS (and other DNS requests going via
async->bgsend_and_start_lookup and resolver) don't fallback to TCP if the
truncated bit is set - this is hardcoded in the DnsResolver.pm module. I
have had some success in writing a patch for this which I'll submit to BZ
after some cleanup.
Paul
On Fri, 16 Sept 2022 at 22:05, Carlos G Mendioroz via users <
users@spamassassin.apache.org> wrote:
> Hi,
> I'm facing a problem with SA, that seems to be related to askdns.
>
> Mail server on Ubuntu 22.04 LTS, spamassassin 3.4.6 via exim4. Local
> bind9 DNS server.
>
> Mail received from webex.com does not get SPF checked, which in turn
> triggers a local rule:
> meta DMARK_REJECT !(DKIM_VALID_AU || SPF_PASS || NO_RELAYS)
>
> Webex does not use DKIM, but it has a kind of complex SPF setup, that
> may be ok (not 100% sure, but they are cisco after all ?)
>
> After enabling debug I can see that the TXT query returns 0 RRs:
>
> Sep 16 11:45:39 doors spamd[462278]: askdns: answer received, rcode
> NOERROR, query IN/TXT/webex.com, answer has 0 records
>
> while dig has a different idea:
>
> dig -t TXT webex.com
> ;; Truncated, retrying in TCP mode.
>
> ; <<>> DiG 9.18.1-1ubuntu1.1-Ubuntu <<>> -t TXT webex.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56230
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 26, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: b7c24959678df920010000006324d83008d33f7982f281d1 (good)
> ;; QUESTION SECTION:
> ;webex.com. IN TXT
>
> ;; ANSWER SECTION:
> webex.com. 300 IN TXT
> "google-site-verification=qXk-s_bdPaqiuaDN9jJCQjvNyw_hVkxXDhkm-1mZn14"
> webex.com. 300 IN TXT "slimtesttxt20170824002"
> webex.com. 300 IN TXT
> "QuoVadis=c1bf1f71-e21f-4ef5-92d9-3285c488767a"
> webex.com. 300 IN TXT
> "google-site-verification=BEWshakJYRMouwSQKX3vk5144-qUL1wwUWLU-XtfQ"
> webex.com. 300 IN TXT "slimtesttxt20170824001"
> webex.com. 300 IN TXT "MS=ms74589643"
> webex.com. 300 IN TXT
> "google-site-verification=BEWshakJYRMouwSQKX_3vk5_144-qUL1wwUWLU-XtfQ"
> webex.com. 300 IN TXT
> "identrust_validate=5g4Ebjbv8fCTROWcobqHmDRBtTU+zBMHM1AiuGdcCbtd"
> webex.com. 300 IN TXT "MS=ms61160488"
> webex.com. 300 IN TXT
> "QuoVadis=5a740d9e-6664-4d4c-8d87-716da9d530a7"
> webex.com. 300 IN TXT "MS=ms67549965"
> webex.com. 300 IN TXT
> "identrust_validate=08N0ASND+yUGXL08IVK8mdMWNhvz1ZqiXe6WCC5eI2e/"
> webex.com. 300 IN TXT "v=spf1
> redirect=_spf.webex.com"
> webex.com. 300 IN TXT
> "lqucp0f6u7alqi7kgrjo5vsov5"
> webex.com. 300 IN TXT
> "QuoVadis=eed4c791-aa21-4b45-8c91-2d83a93af871"
> webex.com. 300 IN TXT
> "lrg2pr6u4ubansuv47jtmmfd3p"
> webex.com. 300 IN TXT " ms93683787.msv1.invalid"
> webex.com. 300 IN TXT
> "amazonses:n3XkGYyvmC8SrhX+CqICjY4eWnyKFwPo6mdHTMsmeu4="
> webex.com. 300 IN TXT
> "9cef3rr776cnjs1cu53q6hrium"
> webex.com. 300 IN TXT
> "google-site-verification=3NhfQ1u_2ogGy3CA8qlIfFtMlW_nhx-VO85vAhT15a0"
> webex.com. 300 IN TXT
> "identrust_validate=bCd4oCoacz6pZ8C8/IRU0rItc1avij7uuIRBeMwUxa8T"
> webex.com. 300 IN TXT
> "google-site-verification=t2i1Swk8XPQDj6Llz_4Uxu3OKL3wfO_aaxYylFmQ8MU"
> webex.com. 300 IN TXT "MS=ms93683787"
> webex.com. 300 IN TXT
> "google-site-verification=Z4Iwv_W8wkGKrlaPKLdcm3C_LDCydAJD6z3L1MAP7DI"
> webex.com. 300 IN TXT
> "google-site-verification=fHXTAHXgtW5_Dzt4PHZKGF2PAI0r6PEHqmHJbkxo4_k"
> webex.com. 300 IN TXT
> "google-site-verification=D1PXZV2EBUXGvgJdUWr3cahNprUgckDpzo8MgniDQHk"
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1) (TCP)
> ;; WHEN: Fri Sep 16 17:10:24 -03 2022
> ;; MSG SIZE rcvd: 1552
>
> which leads me to believe askdns might not support tcp for resolving ?
> In any case, help ?
> TIA
> --
> Carlos G Mendioroz <tr...@huapi.ba.ar> LW7 EQI Argentina
>