EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Today's Posts
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 30 May 2017, 05:14 AM   #16
jhollington
Essential Contributor
 
Join Date: Apr 2008
Posts: 371
Quote:
Originally Posted by KingOfTheData View Post
That's correct, when I switched to G Suite, I only updated the MX Records. So I'm not quite sure how they have a "work around" to still resolve even with DNSSEC issues.

When I self hosted my own email server, I did update/change the DNSSEC to work with my email server. This was recommended for the email set up that I used. So it definitely makes sense that my self hosted solution would receive these emails, because the DNSSEC was set up properly to match my self hosted setup.
You mentioned you tried G Suite after you set up your self-hosted server... did you change the DNS back to your original DNS hosting at that point?

Quote:
I did try pointing my nameservers directly to Fastmail but this did not resolve the issue. In fact, when the issue started, my nameservers were pointed to fastmail. But I set these back to the default nameservers and set up mx records instead.
Yeah, that wouldn't have helped, as from what you indicated above it sounds like the DS record was still published by the registrar until you removed it. Essentially, as long as there's a DS record published for a given domain, everything querying that domain will expect to find it signed with a DNSSEC key that matches the DS record, and essentially fail if that signature isn't valid. A missing signature is the same as an invalid one, of course, since that's kind of the point of DNSSEC — to prevent somebody from hijacking your domain by setting up their own name servers for it.

Frankly, as far as the DNSSEC system was concerned, the domain was being hijacked.... it has no way of knowing that you were the one actually doing the hijacking

I went though something similar when I switched my DNS over to FastMail, although in my case I did disable DNSSEC before changing the NS records to FastMail, but my registrar didn't properly remove the DS record.
jhollington is offline   Reply With Quote
Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 03:05 PM.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy