Checkdmarc is looking up PTR records on IPs associated with found MX records. Anything using Google name servers is currently failing to capture the MX IPs. See:
checkdmarc google.com -n 8.8.8.8
...
"mx": {
"hosts": [],
"error": "All nameservers failed to answer the query 26.138.250.142.in-addr.arpa. IN PTR: Server 8.8.8.8 UDP port 53 answered SERVFAIL"
},
...
Digging into this more, you can see what's happening with the following dig commands:
Why does checkdmarc need to do PTR lookups on MX IPs?
Is there any way to prevent checkdmarc from doing these PTR lookups?
If the PTR lookups are helpful to some people, can it fail more gracefully so that we at least get the MX hostnames and IPs?
Btw, using other nameservers produces the same issue. Google clearly needs to fix something on their end, but receiving mail should work just fine for Google despite these PTR SERVFAILs on their MX IPs, so I think it makes sense to return the relevant data in checkdmarc too.
Checkdmarc is looking up PTR records on IPs associated with found MX records. Anything using Google name servers is currently failing to capture the MX IPs. See:
Digging into this more, you can see what's happening with the following dig commands:
Then, I dig on aspmx:
Then, do a PTR lookup on that (because for some reason checkdmarc is doing that):
This prompts a few questions:
checkdmarcneed to do PTR lookups on MX IPs?checkdmarcfrom doing these PTR lookups?Btw, using other nameservers produces the same issue. Google clearly needs to fix something on their end, but receiving mail should work just fine for Google despite these PTR SERVFAILs on their MX IPs, so I think it makes sense to return the relevant data in
checkdmarctoo.