IPv6 RR disabled on lists.ovirt.org -- WHY???
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --AbeBwFMsqkMaACotjgbEWMLPfmp8MWgEF Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Quack, I'm having a look at OVIRT-357 and found that IPv6 was disabled for Postfix as a workaround. It seems to me the IPv6 address should be added to the DNS RR (so that SPF would allow this address too) and Postfix could have IPv6 reactivated. I see no other problem with other services on the machine if we do so. Nevertheless, I found out this in the dns-maps: ; TASK0043529 - TASK0108580 overwriten ;linode01 IN AAAA 2600:3c01::f03c:91ff:fe93:4b0d Which means IPv6 RR were activated and then later disabled. I don't know how to have access to these TASKs (SNOW?) but I'd really like to know the reason for this before any action. Do any one know why this DNS RR was removed? or were I could find it? Regards. --AbeBwFMsqkMaACotjgbEWMLPfmp8MWgEF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJXQ+c0AAoJEFXp+fesHEQ/xmMP/34SyTYiH36CeGV5qnJ5IH2B iTLhFb6DxzJ5LzQNjdGi5dAK6PsDa73sygDLtWSf/hKCeZKLpX264hNSd6mbN710 tV9mrADTzFhxfzOIL5ECmlVoYS+Sb0rFKVahcpMC8s+JI1pRu5NLiwUwZ+yzCccV I0GYP1y9aaxJl0BCOT18ZUIpVv8iocUE8vEyzkIz/4SDDOEGid6OyxDAPRuG16RE Q/IXxZHq4JbUUVxIGanYc8ylOCKj748j8sOzLr/s89doAm7PQFxK2WuQ/kauemqf jMyexodI2iMH4vVE4x2BTi02PFUPSt3WeevrF8CyHQBNrsKQXNY6zUkkjn6sWipU ubBgwi7QSTi1oMmxdmw9q+UfHxjImE99VI6OduMWOK45gBhhNg8c3jjhGEk4Ysxz j9shC1FCozbnuQFMOL8ph24bu0g7nvMOmnIK/64s9dczUeXo26p03QS+GYfuJFNE BUbozezNNFZ08QuiIA95gCBJehUJFIO9cX/BieuTGQKDESM9M5zPas49YrofnfS0 IvFxl/LJjJLcJrKXBM0bVUn6RRdHbmDtpxo4eNHnbyacFffydYtd43oCSK3pvTYL lHIDWMQV/J2vUGxG6gIZT5NmsVaHhSYfbAzgMjGvkYxyuC2ddlAdapGtn6ZhLBty 3fok/rjsCAqrBqPH5pSN =PW+/ -----END PGP SIGNATURE----- --AbeBwFMsqkMaACotjgbEWMLPfmp8MWgEF--
Misc,David? On Tue, May 24, 2016 at 8:31 AM, Marc Dequènes (Duck) <duck@redhat.com> wrote:
Quack,
I'm having a look at OVIRT-357 and found that IPv6 was disabled for Postfix as a workaround.
It seems to me the IPv6 address should be added to the DNS RR (so that SPF would allow this address too) and Postfix could have IPv6 reactivated. I see no other problem with other services on the machine if we do so.
Nevertheless, I found out this in the dns-maps: ; TASK0043529 - TASK0108580 overwriten ;linode01 IN AAAA 2600:3c01::f03c:91ff:fe93:4b0d
Which means IPv6 RR were activated and then later disabled. I don't know how to have access to these TASKs (SNOW?) but I'd really like to know the reason for this before any action.
Do any one know why this DNS RR was removed? or were I could find it?
Regards.
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
-- Eyal Edri Associate Manager RHEV DevOps EMEA ENG Virtualization R&D Red Hat Israel phone: +972-9-7692018 irc: eedri (on #tlv #rhev-dev #rhev-integ)
--EdRE1UL8d3mMOE6m Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 05/24 11:27, Eyal Edri wrote:
Misc,David?
I don't know, when was that done? Maybe it's old enough so Quaid was involved back then? or dnary?
=20 On Tue, May 24, 2016 at 8:31 AM, Marc Dequ=E8nes (Duck) <duck@redhat.com> wrote: =20
Quack,
I'm having a look at OVIRT-357 and found that IPv6 was disabled for Postfix as a workaround.
It seems to me the IPv6 address should be added to the DNS RR (so that SPF would allow this address too) and Postfix could have IPv6 reactivated. I see no other problem with other services on the machine if we do so.
Nevertheless, I found out this in the dns-maps: ; TASK0043529 - TASK0108580 overwriten ;linode01 IN AAAA 2600:3c01::f03c:91ff:fe93:4b0d
Which means IPv6 RR were activated and then later disabled. I don't know how to have access to these TASKs (SNOW?) but I'd really like to know the reason for this before any action.
Do any one know why this DNS RR was removed? or were I could find it?
Regards.
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
=20 =20 --=20 Eyal Edri Associate Manager RHEV DevOps EMEA ENG Virtualization R&D Red Hat Israel =20 phone: +972-9-7692018 irc: eedri (on #tlv #rhev-dev #rhev-integ)
--=20 David Caro Red Hat S.L. Continuous Integration Engineer - EMEA ENG Virtualization R&D Tel.: +420 532 294 605 Email: dcaro@redhat.com IRC: dcaro|dcaroest@{freenode|oftc|redhat} Web: www.redhat.com RHT Global #: 82-62605 --EdRE1UL8d3mMOE6m Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJXRBGBAAoJEEBxx+HSYmnD10wH/1cmPRhrDtiCPfksL1KRiqAP N/jAn5PMqyk/e3KlvD0PwUCd9UlyXztw5OUS9KGj47er/zQ8t8LgfJ48FjYCPDo1 waz/QEakMRsf084lvpDWz12pwa4/4g0tIoevvon2VkisiODLo0O1IBVfZzCfEQoZ fwc5wIKK2avzo8KQVReb1PoUI5Yc7g4hIJTD1PPYpdvBsqz8ZQKbfPrVQb/aDl5R a4DdAWaHfNAmUxwsA3xNSUyZ6K7uLQ6Q62SRXK6kjvLxSUyYI6BbOS4ulad6oVpk Tye+wJy7v/rmGR6VEsMPelrv/SWr0NELDh/1f8nQiLr5lR5q8dAxgaWV6sPWS6E= =fkTx -----END PGP SIGNATURE----- --EdRE1UL8d3mMOE6m--
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --dujaw9kQCXTtR4JJutEbBPiTkoeE6pV8C Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Quack, On 05/24/2016 05:32 PM, David Caro wrote:
On 05/24 11:27, Eyal Edri wrote:
Misc,David?
Misc is on PTO
I don't know, when was that done? =20 Maybe it's old enough so Quaid was involved back then? or dnary?
Added Quaid, please help us. Who is dnary? Could not find this nick/mail-prefix/=85 Here is the original mail with the unsolved question:
On Tue, May 24, 2016 at 8:31 AM, Marc Dequ=E8nes (Duck) <duck@redhat.c= om> wrote:
Quack,
I'm having a look at OVIRT-357 and found that IPv6 was disabled for Postfix as a workaround.
It seems to me the IPv6 address should be added to the DNS RR (so tha= t SPF would allow this address too) and Postfix could have IPv6 reactivated. I see no other problem with other services on the machin= e if we do so.
Nevertheless, I found out this in the dns-maps: ; TASK0043529 - TASK0108580 overwriten ;linode01 IN AAAA 2600:3c01::f03c:91ff:fe93:4b0d
Which means IPv6 RR were activated and then later disabled. I don't k= now how to have access to these TASKs (SNOW?) but I'd really like to know=
the reason for this before any action.
Do any one know why this DNS RR was removed? or were I could find it?=
Regards.
--dujaw9kQCXTtR4JJutEbBPiTkoeE6pV8C Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJXRCEBAAoJEFXp+fesHEQ/kKAP+wcAvVuBVJgLHyUVRIE1Ap6D 3LuFjTBYQZ3BEkFDgIeuGNc32x+qHnntqDDlb47yVFZTyrQ7jjy6KlNq1Wtp2lcg kVab89rCGFu4gC4qX006sa3SsGiWZL+tn4MJq197ymp7IOwFnsiFVHktubE9d24W KNjNaVUZOuYuh2q9EydySpX6i4tCwM1Jo/tr3yoF2spbWU/yNe5RwzsxLjbRVXK7 wN4Vo8fveDdO5siaCP9OL6MQ+mLdEKK79fMNTx/fo02wgGoiig3AjRvQIYH0XKa9 LSKsiduqHoAiZfWHoLGlBqcGw47APUouMD937+cPjbncAvsp6NpLzpNs+MhRwm+9 +z3gYEqg6eod5fPXsxVJ38bbMPH98pqBZxfp9/qcx1IunISWRjYqGlze9HosIggB k4IPvfVnVCUlTzGznY/SMSAHJXOUKw/1yKwdi/L8AxQgKCOJLMcESOOVm8MYUhM3 CTeDxwpcSjtb+7FRokC7EZy+/F0XNCUPxRkuBSmre/9ZbhoVl7tA7SiQ36iIQzyj n/fg591LrT3Pl3eCq4GNQXhXjZBxx0dZTMq5BEOCunE1kDvdhhDTOpna2+cebYME 4Mn9suaQOHCEXFOBwKG7j2PMGR9iGqT6jOJYdd6/KY0zNqtp9YCrcsutHBKi3e1C vm7MiuME0AX3dNhgUMA7 =yOD5 -----END PGP SIGNATURE----- --dujaw9kQCXTtR4JJutEbBPiTkoeE6pV8C--
Dave Neary, added. On Tue, May 24, 2016 at 12:38 PM, Marc Dequènes (Duck) <duck@redhat.com> wrote:
Quack,
On 05/24/2016 05:32 PM, David Caro wrote:
On 05/24 11:27, Eyal Edri wrote:
Misc,David?
Misc is on PTO
I don't know, when was that done?
Maybe it's old enough so Quaid was involved back then? or dnary?
Added Quaid, please help us. Who is dnary? Could not find this nick/mail-prefix/…
Here is the original mail with the unsolved question:
On Tue, May 24, 2016 at 8:31 AM, Marc Dequènes (Duck) <duck@redhat.com> wrote:
Quack,
I'm having a look at OVIRT-357 and found that IPv6 was disabled for Postfix as a workaround.
It seems to me the IPv6 address should be added to the DNS RR (so that SPF would allow this address too) and Postfix could have IPv6 reactivated. I see no other problem with other services on the machine if we do so.
Nevertheless, I found out this in the dns-maps: ; TASK0043529 - TASK0108580 overwriten ;linode01 IN AAAA 2600:3c01::f03c:91ff:fe93:4b0d
Which means IPv6 RR were activated and then later disabled. I don't know how to have access to these TASKs (SNOW?) but I'd really like to know the reason for this before any action.
Do any one know why this DNS RR was removed? or were I could find it?
Regards.
-- Eyal Edri Associate Manager RHEV DevOps EMEA ENG Virtualization R&D Red Hat Israel phone: +972-9-7692018 irc: eedri (on #tlv #rhev-dev #rhev-integ)
Hi, That's "dneary", not dnary (explains why you couldn't find me, Duck). The lists.ovirt.org was set up originally by quaid. It used to be on an old box I think was retired - it used to be on the old resources.ovirt.org linode host. I have some email records of some general maintenance that quaid did back in 2012/13 (adding more storage to the host), nothing since then. I don't believe I ever had a hand in the mailman installation/maintenance. Thanks, Dave. On 05/24/2016 05:39 AM, Eyal Edri wrote:
Dave Neary, added.
On Tue, May 24, 2016 at 12:38 PM, Marc Dequènes (Duck) <duck@redhat.com <mailto:duck@redhat.com>> wrote:
Quack,
On 05/24/2016 05:32 PM, David Caro wrote: > On 05/24 11:27, Eyal Edri wrote: >> Misc,David?
Misc is on PTO
> I don't know, when was that done? > > Maybe it's old enough so Quaid was involved back then? or dnary?
Added Quaid, please help us. Who is dnary? Could not find this nick/mail-prefix/…
Here is the original mail with the unsolved question:
>> On Tue, May 24, 2016 at 8:31 AM, Marc Dequènes (Duck) <duck@redhat.com <mailto:duck@redhat.com>> >> wrote: >> >>> Quack, >>> >>> I'm having a look at OVIRT-357 and found that IPv6 was disabled for >>> Postfix as a workaround. >>> >>> It seems to me the IPv6 address should be added to the DNS RR (so that >>> SPF would allow this address too) and Postfix could have IPv6 >>> reactivated. I see no other problem with other services on the machine >>> if we do so. >>> >>> Nevertheless, I found out this in the dns-maps: >>> ; TASK0043529 - TASK0108580 overwriten >>> ;linode01 IN AAAA 2600:3c01::f03c:91ff:fe93:4b0d >>> >>> Which means IPv6 RR were activated and then later disabled. I don't know >>> how to have access to these TASKs (SNOW?) but I'd really like to know >>> the reason for this before any action. >>> >>> Do any one know why this DNS RR was removed? or were I could find it? >>> >>> Regards.
-- Eyal Edri Associate Manager RHEV DevOps EMEA ENG Virtualization R&D Red Hat Israel
phone: +972-9-7692018 irc: eedri (on #tlv #rhev-dev #rhev-integ)
-- Dave Neary - NFV/SDN Community Strategy Open Source and Standards, Red Hat - http://community.redhat.com Ph: +1-978-399-2182 / Cell: +1-978-799-3338
--/0U0QBNx7JIUZLHm Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 05/24 18:38, Marc Dequ=C3=A8nes (Duck) wrote:
Quack, =20 On 05/24/2016 05:32 PM, David Caro wrote:
On 05/24 11:27, Eyal Edri wrote:
Misc,David? =20 Misc is on PTO =20 I don't know, when was that done? =20 Maybe it's old enough so Quaid was involved back then? or dnary? =20 Added Quaid, please help us. Who is dnary? Could not find this nick/mail-prefix/=E2=80=A6
Dave Neary, he was community manager for oVirt ~3 years ago
=20 Here is the original mail with the unsolved question: =20
On Tue, May 24, 2016 at 8:31 AM, Marc Dequ=C3=A8nes (Duck) <duck@redha= t.com> wrote:
Quack,
I'm having a look at OVIRT-357 and found that IPv6 was disabled for Postfix as a workaround.
It seems to me the IPv6 address should be added to the DNS RR (so that SPF would allow this address too) and Postfix could have IPv6 reactivated. I see no other problem with other services on the machine if we do so.
Nevertheless, I found out this in the dns-maps: ; TASK0043529 - TASK0108580 overwriten ;linode01 IN AAAA 2600:3c01::f03c:91ff:fe93:4b0d
Which means IPv6 RR were activated and then later disabled. I don't k= now how to have access to these TASKs (SNOW?) but I'd really like to know the reason for this before any action.
Do any one know why this DNS RR was removed? or were I could find it?
Regards. =20
--=20 David Caro Red Hat S.L. Continuous Integration Engineer - EMEA ENG Virtualization R&D Tel.: +420 532 294 605 Email: dcaro@redhat.com IRC: dcaro|dcaroest@{freenode|oftc|redhat} Web: www.redhat.com RHT Global #: 82-62605 --/0U0QBNx7JIUZLHm Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJXRCIrAAoJEEBxx+HSYmnDbPAH/jGz4DFCZ2PSHQcxpQcE5KhV zsAn8DJyWYOma5Dy26I8EDSDU3eRGg3g7ZKM0LluUPlPw+z+PLNgy8Fgbpg20oti rzv4f5mFrabvZ04xCcS5yOoVZi/dJ2ITQsm29kccId4BgOiz4oeQLw8dPj+sXUS1 L+sBUQluR//9Ze8TGf009mJ/RBG1674/EWnDxGEfCpayPwCVj0Iu3D46VG/pqyEd Cqe/UbPlqQIOBf4hoeJENiWQs33KhY2sdfJ5csxAlWPjHaWz/h+k+LU9yUaKfFSa KNrFGyp2bj6pALbxD7U63CGwKjt6GZzQ88YyvhOl8ze4hoeAS9ORCI6efDreYCo= =347w -----END PGP SIGNATURE----- --/0U0QBNx7JIUZLHm--
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/24/2016 01:32 AM, David Caro wrote:
Maybe it's old enough so Quaid was involved back then?
I don't recall for sure why IPv6 would be turned off, but iirc we had problems with SPF for a few years for gmail.com users, meaning it affected the end-users mailing lists the most. Is it possible SPF was turned off for IPv4 & IPv6, then the problem with SPF and GMail was fixed, and it was turned back on but only for IPv 4? How about experimenting and see what happens (SCIENCE!), maybe with a warning to the two main lists (devel, users) in case anything breaks? Best, - - Karsten - -- Karsten Wade Community Infra & Platform (Mgr) Open Source and Standards, @redhatopen @quaid gpg: AD0E0C41 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAldEqmQACgkQ2ZIOBq0ODEF/1gCdGlAbok+hxemOK+WwXvFZ3p9/ AgAAn0FTmmYDdYiwocVO934JJvkav0Ui =tXyn -----END PGP SIGNATURE-----
Hello All, I might guess that maybe there was some problem with PTR record for 2600:3c01::f03c:91ff:fe93:4b0d at that time so it might be affecting gmail spam scoring, however this is a very wild guess as right now PTR is correctly pointing back to lists.ovirt.org. SPF is set per domain name as I see, not per IP address so it includes all IPs that DNS name resolves automatically. Maybe we need to revise the current settings against the recommendations for bulk senders: https://support.google.com/mail/answer/81126?hl=en I guess other mail services might use same scoring approaches. Anton. On Tue, May 24, 2016 at 9:24 PM, Karsten Wade <kwade@redhat.com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/24/2016 01:32 AM, David Caro wrote:
Maybe it's old enough so Quaid was involved back then?
I don't recall for sure why IPv6 would be turned off, but iirc we had problems with SPF for a few years for gmail.com users, meaning it affected the end-users mailing lists the most.
Is it possible SPF was turned off for IPv4 & IPv6, then the problem with SPF and GMail was fixed, and it was turned back on but only for IPv 4?
How about experimenting and see what happens (SCIENCE!), maybe with a warning to the two main lists (devel, users) in case anything breaks?
Best,
- - Karsten - -- Karsten Wade Community Infra & Platform (Mgr) Open Source and Standards, @redhatopen @quaid gpg: AD0E0C41 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAldEqmQACgkQ2ZIOBq0ODEF/1gCdGlAbok+hxemOK+WwXvFZ3p9/ AgAAn0FTmmYDdYiwocVO934JJvkav0Ui =tXyn -----END PGP SIGNATURE----- _______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
-- Anton Marchukov Senior Software Engineer - RHEV CI - Red Hat
I do recall a thread about this now that Karsten mentions it... let me go digging. IIRC, there was an issue around the AAAA entry... I have found some emails from 2013 and a related ServiceNow ticket which, apparently, has not survived the 3 year interval. Is the following context at all useful? Thanks, Dave. Way back when, this was the issue:
Incident INC0093361: Neil Miao is requesting the following information to assist in completing your request: 2013-11-10 21:37:49 EST - Neil Miao Comments Hi there,
Thanks Mike for going the extra mile to dig it out. The existing SPF record does look bad.
Since lists.ovirt.org is actually a CNAME of linode01.ovirt.org.
$ dig lists.ovirt.org ... ;; ANSWER SECTION: lists.ovirt.org.300INCNAMElinode01.ovirt.org. linode01.ovirt.org.300INA173.255.252.138
adding lists.ovirt.org to the SPF is a very obvious choice. :)
- IN TXT "v=spf1 a:linode01.ovirt.org ~all" + IN TXT "v=spf1 a:linode01.ovirt.org a:lists.ovirt.org ~all"
The change is pushed to the corp-dns. Let me know how it goes.
Cheers Neil 2013-10-31 16:55:49 EDT - Dave Neary Comments Mail from the oVirt users mailing list is being marked as spam in gmail, and is not getting through to users. A colleague, Mike McLean, looked into the issue, and suspects it is related to our DNS config:
See Mike's email to me below. Is this something IT services can help fix?
Thanks, Dave.
Mike wrote: I don't think it is users marking as spam, despite the google warning bar. The warning in the header suggests it is a networking problem.
There is nothing in the headers about the ip address (which is ipv6) being on a blacklist.
On 10/31/2013 03:20 PM, Mike McLean wrote:
Since I subscribed to the users list last week, I've had exactly zero messages from it in my gmail inbox. They're all in the spam folder.
Each message shows a warning at the top "Be careful with this message. Many people marked similar messages as spam."
I'm attaching a header example. One notable line is:
Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning users-bounces@ovirt.org does not designate 2600:3c01::f03c:91ff:fe93:4b0d as permitted sender) smtp.mail=users-bounces@ovirt.org
^ This is the header warning I referred to
It looks like ovirt.org only has an mx entry for linode01.ovirt.org. The host actually sending to google (lists.ovirt.org) doesn't show up in an mx entry. I'd push this up to IT.
It appears that google doesn't trust this mail because ovirt.org explicitly says not to.
From the headers, the mail is traversing from (sending user) -> linode01.ovirt.org -> lists.ovirt.org -> (google)
The SPF record for ovirt.orig is: "v=spf1 a:linode01.ovirt.org ~all" (found via dig -t TXT ovirt.org)
See: http://en.wikipedia.org/wiki/Sender_Policy_Framework
This policy says that linode01.ovirt.org is allowed to send and all others (e.g. lists.ovirt.org) should "softfail".
Who manages the ovirt.org servers? IT?
Someone in IT will have more expertise in this than me, but I suspect that answer is one of 1) change the spf record for ovirt.org to allow lists.ovirt.org 2) reconfigure lists.ovirt.org to route its mail through linode01.ovirt.org
State: Pending Customer Submitted Date: 2013-10-31 16:55:49 EDT Priority: 4 - Low Description: oVirt list email is being marked as spam by gmail
To update your request and notify the person assigned to your request, simply reply to this email communication.
You can view the status of your incident by selecting "Incidents" from the left navigation menu: LINK
Ref:MSG1353267
On 05/24/2016 03:24 PM, Karsten Wade wrote:
On 05/24/2016 01:32 AM, David Caro wrote:
Maybe it's old enough so Quaid was involved back then?
I don't recall for sure why IPv6 would be turned off, but iirc we had problems with SPF for a few years for gmail.com users, meaning it affected the end-users mailing lists the most.
Is it possible SPF was turned off for IPv4 & IPv6, then the problem with SPF and GMail was fixed, and it was turned back on but only for IPv 4?
How about experimenting and see what happens (SCIENCE!), maybe with a warning to the two main lists (devel, users) in case anything breaks?
Best,
- Karsten
-- Dave Neary - NFV/SDN Community Strategy Open Source and Standards, Red Hat - http://community.redhat.com Ph: +1-978-399-2182 / Cell: +1-978-799-3338
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --h9sRFcmAnhXEbutwH5viN87uuVOiUxDbL Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Quack, On 05/25/2016 05:26 AM, Dave Neary wrote:
I do recall a thread about this now that Karsten mentions it... let me go digging. IIRC, there was an issue around the AAAA entry... I have found some emails from 2013 and a related ServiceNow ticket which, apparently, has not survived the 3 year interval. =20 Is the following context at all useful?
It is related. This change is still in production. This is not IPv6-specific through. Thanks for the digging. --h9sRFcmAnhXEbutwH5viN87uuVOiUxDbL Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJXRVz2AAoJEFXp+fesHEQ/uEIQAL9CE+AITrZLhjr3kYpmWzjV 0yNWas4wQfdWO2L9XH3kkeKqAS4ecGLXYjbNOQshcKRbldgYD/GJTEP4YPC1zh9g YpuH1umsjN0eWskx8PuGB7CKaWvtCjL/yeGOMWjD/mZE5Jz9cNdABPvYAk9QdweS h54YWx0HxxSQUjb8JDIEiitXtOkTzeZWzO3H7fGYSgHWG5GhdLh6bKRwPST+u3Do reRqXj/wsVNlFKZN5ZNDp4K8Ucv7VQHi8VzkRIAcShK4BsyddW2u9hWfWCls6X2D A/rtoWaEW7KmUZOWXRPkWmH66Ai8mMKCdKrHVCNL6LkbJDprKx1us1GR598KZJ03 Q4GerGSCsfGc2+bmaLtXP8T/tT9oLVAehn5CD6QNUqaQ16oazLP7C9Ebcs21RAdn OH92G8VjQJizJ328he+9GmmDRyXK/o2iT4WhBksy4sU/hE4zTApQofdfrzYONjie IMGs8x+fK4Bpv7v3zNORhaYnax8Wrf9XUj1B0PQPHV5CUBOVqFV36d349QDEgVY1 0mfpWGgYPvRCkcMZQDna1t96ikDSZkaGVqwxqX0g+aHHaGNEXNeifX4NdzREKN6K nOegYdg3PaX3oC+QVEoJO1SlGuwpRtdV7dw2QpBLbseRsMLlQmbC8IeQ6PUJWQlK IcItkJoH/fieM38OjFkV =g3N1 -----END PGP SIGNATURE----- --h9sRFcmAnhXEbutwH5viN87uuVOiUxDbL--
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --cQMAPrB1K8GADrTCsNTT8jsqhCfxL22xD Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Quack, Thanks dneary for coming to this thread. On 05/25/2016 04:24 AM, Karsten Wade wrote:
How about experimenting and see what happens (SCIENCE!), maybe with a warning to the two main lists (devel, users) in case anything breaks?
I'm in favor of experimenting too. I see no reason not to have IPv6 working on the machines' services after a look at the configurations. The IPv6 reverse is good, we/I only have to re-add the direct AAAA and reenable Postfix IPv6, and watch :-). I will to that tomorrow unless someone raise concerns. Regards. --cQMAPrB1K8GADrTCsNTT8jsqhCfxL22xD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJXRV8fAAoJEFXp+fesHEQ/5B4QAJSP7R8VwwPEDEQwBQN+rYHJ v6eA26lQmAxNOmIyrcbmUKAQ9n8bTlOmAvY/vcpBErfIyR3AGtTScE/X8Jz+4Ltm u+rstw7T3XDMenKnXpcHRCK+aja5KGxM3V2VrrpJQWQ9+mkb+5oKqxVvJ0FbsVuG FBk7t7zFrrlgtP6WU3DTB/lU6gfI860dL92vO9M0P8J9PtRCu1jP9QvSKcJJ4EST MNRbf9k2HNelEcL4252eZgPg1B+1RtcDY/51Qc5QB1qJPUHdtZbY6JGqee3s50Cg KqiZQYI/euTGo7pL5qY7b80PDmo32eUv+UjaVjuq4ZxXnISEH5Ed0vLepHOQOFGU Xzi/QCfHv4zw0WbaqZ1tfpZa64LxhlmcvXrDyWgQsDK1jnEa3ji2qXGI0XtD4Nf/ hwWkEJNiT7+ElY/RNmENGEYAmXnVVyXIzxujVR3sEGkIAUvbJkCleYnxnwfPlFWK OTi6qWmh3ceoUyh3Spt1LpEFOWDz93pUA5L7vdv5U8muyA6+xgBFigf3MUXgcHSw +9ksiWr/YTJP9HbN69saCrDLzGeds94bszDzAngV6brVjRB9bRYQhNafnnkMNPf4 iy2rb1P9urZ2zCk5rvEAEZJ+kpiKtg4I/+T2CuL14UQzSPeug6VZ3ilN7z0Bcmfp wnL0hcheRrWuCfk5thYr =ibqf -----END PGP SIGNATURE----- --cQMAPrB1K8GADrTCsNTT8jsqhCfxL22xD--
Hello All. Based on the forwarded message and DNS checks I did everything should be fine. The only thing is that have CNAME for mail server may not be a good idea and it is better to make lists to be A and AAAA direct records, reverses are already fine. As I see that's the plan so looks good. When we change we can check headers of the nearest message after DSN propagation and google and see if it treats it as SPF pass. Anton. On Wed, May 25, 2016 at 10:15 AM, Marc Dequènes (Duck) <duck@redhat.com> wrote:
Quack,
Thanks dneary for coming to this thread.
On 05/25/2016 04:24 AM, Karsten Wade wrote:
How about experimenting and see what happens (SCIENCE!), maybe with a warning to the two main lists (devel, users) in case anything breaks?
I'm in favor of experimenting too.
I see no reason not to have IPv6 working on the machines' services after a look at the configurations. The IPv6 reverse is good, we/I only have to re-add the direct AAAA and reenable Postfix IPv6, and watch :-).
I will to that tomorrow unless someone raise concerns.
Regards.
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
-- Anton Marchukov Senior Software Engineer - RHEV CI - Red Hat
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --e5E4nTorI5JMJGjJcoDLF3SxOGowPVsru Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Quack, On 05/26/2016 07:24 PM, Anton Marchukov wrote:
Based on the forwarded message and DNS checks I did everything should b= e fine. The only thing is that have CNAME for mail server may not be a good idea and it is better to make lists to be A and AAAA direct records, reverses are already fine. As I see that's the plan so looks good. When we change we can check headers of the nearest message after DSN propagation and google and see if it treats it as SPF pass.
I requested the 'lists' record to be made A/AAAA in the process. But as the MX record points to the 'linode1' entry it was not critical. We should nevertheless switch to be cleaner. Thanks for your help. Regards. --e5E4nTorI5JMJGjJcoDLF3SxOGowPVsru Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJXSAHBAAoJEFXp+fesHEQ/SHwP/i3Z7XzQKLYbvXH5DjnPfnVI F7aaVnXjdDO8GGuzJMKfUm9mwvDPGhSeAuPM+J3UkF4FuoK/eBbVvIS7r1dFnFjf j+xV99vGiO0L7RMPXzpR+oDTItHenRjFzuPTsScOP05TR/f2pofsxeqcKOhXav5f y/2f6JEgra1/gCaSrZip0R0SH2auL9/wKsrNuZym+9AfM7ARZECcH2IZAOkFgR9z 0VOvqQ+pW5B1+k4XzFfdYXT8AobGYQqNVO5dEQiFd3+CD4TUueyqNWFxZyL0BkPZ tqDpwSY/JlZw+DAq1BhccIibqRVdrPzrR0oYJgw5qSpdH+t1SQ4ZZGoUp/K2csLS re9/KXUeNqToyojcZsTSnrNo0QKJlXdA2NDs0N/3z8aCJsCaJ6NifZzpJrMXYYQN UDSrJCKWPMNzDSBh2zvYtrAq8TGjb/ChzG2U9eQQ7Fq9NOyMP23Fjhxik2owDVe6 XGmQgQ+OTjAtJYrPpdcE0aXsLAOsAyvTIYPoL9gysXLPuJ2plYS5/cdAGCPKLQaL O2NIKN5XjVvkSJa0PjpLiB6k8F5ttKxQVtTDIytW7rzPoGv7fV0HjfaOc/8nXaCI HNVl89+zcv69REItR9ROx9LmN0nfk+sCzXZ7l6JDbUQa6A0avCGnpnfTTFPYDNIO SM/DBaHEQRzUlwSF+5WJ =LwMj -----END PGP SIGNATURE----- --e5E4nTorI5JMJGjJcoDLF3SxOGowPVsru--
participants (6)
-
Anton Marchukov -
Dave Neary -
David Caro -
Eyal Edri -
Karsten Wade -
Marc Dequènes (Duck)