Hi
i have fully setuped aaaa for mx record
and here is the dig results :
============================================================
root@p:~# dig AAAA propod.net
; <<>> DiG 9.8.1-P1 <<>> AAAA propod.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3483
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;propod.net. IN AAAA
;; ANSWER SECTION:
propod.net. 299 IN AAAA 2001:41d0:d:1590:0:d:132:1
;; Query time: 22 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Nov 3 15:56:16 2015
;; MSG SIZE rcvd: 56
============================================================
also you can check using mxtoolbox service
http://mxtoolbox.com/SuperTool.aspx?action=mx%3apropod.net&run=toolpage
..
but in he.net test i'm getting this error :
3 Status: Unable to find AAAA for MX record.
note : i have used email : admin@propod.net
Any advice ?
I can confirm your results. How long ago did you make changes in DNS? Sometimes it takes the test a while to see updates.
$ drill mx propod.net
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 10500
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;; propod.net. IN MX
;; ANSWER SECTION:
propod.net. 300 IN MX 0 propod.net.
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
propod.net. 300 IN A 51.254.92.114
propod.net. 300 IN AAAA 2001:41d0:d:1590:0:d:132:1
Quote from: cholzhauer on November 03, 2015, 08:00:20 AM
I can confirm your results. How long ago did you make changes in DNS? Sometimes it takes the test a while to see updates.
$ drill mx propod.net
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 10500
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;; propod.net. IN MX
;; ANSWER SECTION:
propod.net. 300 IN MX 0 propod.net.
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
propod.net. 300 IN A 51.254.92.114
propod.net. 300 IN AAAA 2001:41d0:d:1590:0:d:132:1
Thanks for your fast reply :)
i made it less than one hour ago
I assume TTL is at least an hour, so you'll just have to sit and wait.
Quote from: cholzhauer on November 03, 2015, 08:04:24 AM
I assume TTL is at least an hour, so you'll just have to sit and wait.
TTL is 300 (5mn)
how much i have to wait ?
i have removed A record, it may help more ..
but still the same problem
could someone else check it ?
Removing the A record won't help.
You need to wait, sorry.
Quote from: cholzhauer on November 03, 2015, 08:34:34 AM
Removing the A record won't help.
You need to wait, sorry.
Could you check the results of the following if they are fine or not
dig propod.net
dig MX propod.net
dig AAAA propod.net
this is my propod.net dns zone :
http://s11.postimg.org/6p89mz38j/propod_dns.png
Results I get match what you posted
Quote from: cholzhauer on November 03, 2015, 08:49:50 AM
Results I get match what you posted
is it fine ?
and what about the dns zone looks good too ?
..
will he support help me if i contacted them ? they may flush cache/dns
I have no idea what it's supposed to look like. Assuming the IP address you posted is correct, then yes.
You can open a ticket and have them look into it. ipv6@he.net
Quote from: cholzhauer on November 03, 2015, 08:53:48 AM
I have no idea what it's supposed to look like. Assuming the IP address you posted is correct, then yes.
You can open a ticket and have them look into it. ipv6@he.net
ok thanks, i have just created a ticket hope to get fast reply :)
..
still looking for a solution ..
There is something very odd with the DNS of this domain. The authoritative name servers listed are:
;; QUESTION SECTION:
;propod.net. IN NS
;; ANSWER SECTION:
propod.net. 75335 IN NS ns1.ihostadvance.com.
propod.net. 75335 IN NS ns2.ihostadvance.com.
However a dig +trace shows that HE name servers are answering:
~$ dig AAAA propod.net +trace
; <<>> DiG 9.9.5-11ubuntu1-Ubuntu <<>> AAAA propod.net +trace
;; global options: +cmd
. 85836 IN NS c.root-servers.net.
. 85836 IN NS d.root-servers.net.
. 85836 IN NS k.root-servers.net.
. 85836 IN NS j.root-servers.net.
. 85836 IN NS b.root-servers.net.
. 85836 IN NS a.root-servers.net.
. 85836 IN NS i.root-servers.net.
. 85836 IN NS g.root-servers.net.
. 85836 IN NS l.root-servers.net.
. 85836 IN NS e.root-servers.net.
. 85836 IN NS h.root-servers.net.
. 85836 IN NS f.root-servers.net.
. 85836 IN NS m.root-servers.net.
;; Received 241 bytes from 127.0.1.1#53(127.0.1.1) in 21 ms
net. 172800 IN NS a.gtld-servers.net.
net. 172800 IN NS b.gtld-servers.net.
net. 172800 IN NS c.gtld-servers.net.
net. 172800 IN NS d.gtld-servers.net.
net. 172800 IN NS e.gtld-servers.net.
net. 172800 IN NS f.gtld-servers.net.
net. 172800 IN NS g.gtld-servers.net.
net. 172800 IN NS h.gtld-servers.net.
net. 172800 IN NS i.gtld-servers.net.
net. 172800 IN NS j.gtld-servers.net.
net. 172800 IN NS k.gtld-servers.net.
net. 172800 IN NS l.gtld-servers.net.
net. 172800 IN NS m.gtld-servers.net.
net. 86400 IN DS 35886 8 2
;; Received 731 bytes from 2001:500:1::803f:235#53(h.root-servers.net) in 86 ms
propod.net. 172800 IN NS ns1.he.net.
propod.net. 172800 IN NS ns2.he.net.
;; Received 623 bytes from 192.55.83.30#53(m.gtld-servers.net) in 194 ms
propod.net. 300 IN AAAA 2001:41d0:d:1590:0:d:132:1
;; Received 67 bytes from 216.218.131.2#53(ns2.he.net) in 1 ms
It looks like some sort of registrar conflict with where DNS is delegated. The caching name servers are trying to go to the cached authoritative name servers that expire after a week.
I pinged the DNS team to reload the caching NS, seems fine now:
~$ dig ns propod.net
; <<>> DiG 9.9.5-11ubuntu1-Ubuntu <<>> ns propod.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12218
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;propod.net. IN NS
;; ANSWER SECTION:
propod.net. 85897 IN NS ns4.he.net.
propod.net. 85897 IN NS ns2.he.net.
propod.net. 85897 IN NS ns3.he.net.
propod.net. 85897 IN NS ns5.he.net.
propod.net. 85897 IN NS ns1.he.net.
Making a change the day of, and not previously shortening the 86400 TTL was your issue.
Quote from: broquea on November 03, 2015, 10:02:11 AM
I pinged the DNS team to reload the caching NS, seems fine now:
~$ dig ns propod.net
; <<>> DiG 9.9.5-11ubuntu1-Ubuntu <<>> ns propod.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12218
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;propod.net. IN NS
;; ANSWER SECTION:
propod.net. 85897 IN NS ns4.he.net.
propod.net. 85897 IN NS ns2.he.net.
propod.net. 85897 IN NS ns3.he.net.
propod.net. 85897 IN NS ns5.he.net.
propod.net. 85897 IN NS ns1.he.net.
Making a change the day of, and not previously shortening the 86400 TTL was your issue.
Thank you, problem solved.
It works :)
And Yeeeah :)
i have reached Sage level
i have just ordered the he t-shirt ^^
I have the same problem, it must be a bug in the test as my domain is pure IPv6 and the registration email (IPv6) I used worked, but it does not work in the test.
whois:
% The WHOIS service offered by EURid and the access to the records
% in the EURid WHOIS database are provided for information purposes
% only. It allows persons to check whether a specific domain name
% is still available or not and to obtain information related to
% the registration records of existing domain names.
%
% EURid cannot, under any circumstances, be held liable in case the
% stored information would prove to be wrong, incomplete or not
% accurate in any sense.
%
% By submitting a query you agree not to use the information made
% available to:
%
% - allow, enable or otherwise support the transmission of unsolicited,
% commercial advertising or other solicitations whether via email or
% otherwise;
% - target advertising in any possible way;
%
% - to cause nuisance in any possible way to the registrants by sending
% (whether by automated, electronic processes capable of enabling
% high volumes or other possible means) messages to them.
%
% Without prejudice to the above, it is explicitly forbidden to extract,
% copy and/or use or re-utilise in any form and by any means
% (electronically or not) the whole or a quantitatively or qualitatively
% substantial part of the contents of the WHOIS database without prior
% and explicit permission by EURid, nor in any attempt hereof, to apply
% automated, electronic processes to EURid (or its systems).
%
% You agree that any reproduction and/or transmission of data for
% commercial purposes will always be considered as the extraction of a
% substantial part of the content of the WHOIS database.
%
% By submitting the query you agree to abide by this policy and accept
% that EURid can take measures to limit the use of its WHOIS services
% in order to protect the privacy of its registrants or the integrity
% of the database.
%
% The EURid WHOIS service on port 43 (textual whois) never
% discloses any information concerning the registrant.
% Registrant and onsite contact information can be obtained through use of the
% webbased whois service available from the EURid website www.eurid.eu
%
% WHOIS saitan.eu
Domain: saitan.eu
Registrant:
NOT DISCLOSED!
Visit www.eurid.eu for webbased whois.
Technical:
Name: Pascal Bouchareine
Organisation: Gandi SAS
Language: fr
Phone: +33.170377661
Fax: +33.143731851
Email: eu-tech@gandi.net
Registrar:
Name: GANDI
Website: www.gandi.net
Name servers:
zero.saitan.eu (2a01:348:1e5:cafe::53)
uno.saitan.eu (2a01:348:1e5:cafe::153)
Keys:
flags:KSK protocol:3 algorithm:RSA_SHA256 pubKey:AwEAAdRlayq6s8gRa0tIL8DqS+w+r0OB/pWaPpWVCRSrDnry7syEd0rHRvogd+XEjLV2decyKC8c/UUpl8M9DIv6Arzm7oW+8DIM4hElhVfYZTL/FLXzpeDP3r9VCOReshuv7f5Qby0Sc2eb3xte2ij+J3XJQWtsdMe4QTDjEx+DRhYrBzdKGZgaBT/elr4ivOjlpCzab2zXyVdLR1lM7qt5wQBoaMydhQdYhzB8m2kfjt4OEgo0bAfr0DYPDM4XpmU+EjhjfiSa3q56Fe2wjQYvabZ7ZMCak7+a11nSPU9iY6etFaDh3vPHNm70aOoGEnsl5OSGEv24BZ10ZNDnqwQetBM=
Please visit www.eurid.eu for more info.
dig mx saitan.eu:
; <<>> DiG 9.9.5-12.1-Debian <<>> mx saitan.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28217
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;saitan.eu. IN MX
;; ANSWER SECTION:
saitan.eu. 20310 IN MX 10 mail.saitan.eu.
;; Query time: 43 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Tue Mar 01 00:03:21 GMT 2016
;; MSG SIZE rcvd: 59
dig aaaa mail.saitan.eu
; <<>> DiG 9.9.5-12.1-Debian <<>> @2001:4860:4860::8888 aaaa mail.saitan.eu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39551
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mail.saitan.eu. IN AAAA
;; ANSWER SECTION:
mail.saitan.eu. 18824 IN AAAA 2a01:348:1e5:cafe::25
;; Query time: 65 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Tue Mar 01 00:06:39 GMT 2016
;; MSG SIZE rcvd: 71
I makes no sense, as above, the email used for registration could only be sent as IPv6 there is no IPv4 in the saitan.eu domain. Google DNS says it is OK
Quote from: jinxjim on February 29, 2016, 04:10:25 PM
I have the same problem, it must be a bug in the test as my domain is pure IPv6 and the registration email (IPv6) I used worked, but it does not work in the test.
whois:
% The WHOIS service offered by EURid and the access to the records
% in the EURid WHOIS database are provided for information purposes
% only. It allows persons to check whether a specific domain name
% is still available or not and to obtain information related to
% the registration records of existing domain names.
%
% EURid cannot, under any circumstances, be held liable in case the
% stored information would prove to be wrong, incomplete or not
% accurate in any sense.
%
% By submitting a query you agree not to use the information made
% available to:
%
% - allow, enable or otherwise support the transmission of unsolicited,
% commercial advertising or other solicitations whether via email or
% otherwise;
% - target advertising in any possible way;
%
% - to cause nuisance in any possible way to the registrants by sending
% (whether by automated, electronic processes capable of enabling
% high volumes or other possible means) messages to them.
%
% Without prejudice to the above, it is explicitly forbidden to extract,
% copy and/or use or re-utilise in any form and by any means
% (electronically or not) the whole or a quantitatively or qualitatively
% substantial part of the contents of the WHOIS database without prior
% and explicit permission by EURid, nor in any attempt hereof, to apply
% automated, electronic processes to EURid (or its systems).
%
% You agree that any reproduction and/or transmission of data for
% commercial purposes will always be considered as the extraction of a
% substantial part of the content of the WHOIS database.
%
% By submitting the query you agree to abide by this policy and accept
% that EURid can take measures to limit the use of its WHOIS services
% in order to protect the privacy of its registrants or the integrity
% of the database.
%
% The EURid WHOIS service on port 43 (textual whois) never
% discloses any information concerning the registrant.
% Registrant and onsite contact information can be obtained through use of the
% webbased whois service available from the EURid website www.eurid.eu
%
% WHOIS saitan.eu
Domain: saitan.eu
Registrant:
NOT DISCLOSED!
Visit www.eurid.eu for webbased whois.
Technical:
Name: Pascal Bouchareine
Organisation: Gandi SAS
Language: fr
Phone: +33.170377661
Fax: +33.143731851
Email: eu-tech@gandi.net
Registrar:
Name: GANDI
Website: www.gandi.net
Name servers:
zero.saitan.eu (2a01:348:1e5:cafe::53)
uno.saitan.eu (2a01:348:1e5:cafe::153)
Keys:
flags:KSK protocol:3 algorithm:RSA_SHA256 pubKey:AwEAAdRlayq6s8gRa0tIL8DqS+w+r0OB/pWaPpWVCRSrDnry7syEd0rHRvogd+XEjLV2decyKC8c/UUpl8M9DIv6Arzm7oW+8DIM4hElhVfYZTL/FLXzpeDP3r9VCOReshuv7f5Qby0Sc2eb3xte2ij+J3XJQWtsdMe4QTDjEx+DRhYrBzdKGZgaBT/elr4ivOjlpCzab2zXyVdLR1lM7qt5wQBoaMydhQdYhzB8m2kfjt4OEgo0bAfr0DYPDM4XpmU+EjhjfiSa3q56Fe2wjQYvabZ7ZMCak7+a11nSPU9iY6etFaDh3vPHNm70aOoGEnsl5OSGEv24BZ10ZNDnqwQetBM=
Please visit www.eurid.eu for more info.
dig mx saitan.eu:
; <<>> DiG 9.9.5-12.1-Debian <<>> mx saitan.eu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28217
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;saitan.eu. IN MX
;; ANSWER SECTION:
saitan.eu. 20310 IN MX 10 mail.saitan.eu.
;; Query time: 43 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Tue Mar 01 00:03:21 GMT 2016
;; MSG SIZE rcvd: 59
dig aaaa mail.saitan.eu
; <<>> DiG 9.9.5-12.1-Debian <<>> @2001:4860:4860::8888 aaaa mail.saitan.eu
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39551
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;mail.saitan.eu. IN AAAA
;; ANSWER SECTION:
mail.saitan.eu. 18824 IN AAAA 2a01:348:1e5:cafe::25
;; Query time: 65 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Tue Mar 01 00:06:39 GMT 2016
;; MSG SIZE rcvd: 71
I makes no sense, as above, the email used for registration could only be sent as IPv6 there is no IPv4 in the saitan.eu domain. Google DNS says it is OK
Contact the support they will solve the problem (DNS / Cache Problem)
Good Luck :)
I have ticket HE#3066535 being handles by a Senior Network Engineer, who insists that they are trying:
dig saitan.eu mx @2a01:348:1e5:cafe::0:53
dig saitan.eu mx @2a01:348:1e5:cafe::1:53
dig saitan.eu mx @2a01:348:1e5:cafe::2:53
But they are getting connection timed out, however, here:
https://network-tools.webwiz.co.uk/dns-report.htm?domain=saitan%2Eeu&mail=true&IPv6=true (https://network-tools.webwiz.co.uk/dns-report.htm?domain=saitan%2Eeu&mail=true&IPv6=true)
Says everything is OK
Still stuck at Enthusiast level :o
$ telnet 2a01:348:1e5:cafe::2 25
Trying 2a01:348:1e5:cafe::2...
telnet: connect to address 2a01:348:1e5:cafe::2: Connection refused
telnet: Unable to connect to remote host
Try
telnet 2a01:348:1e5:cafe::25 25
telnet 2a01:348:1e5:cafe::2:25 25
$ telnet 2a01:348:1e5:cafe::2:25 25
Trying 2a01:348:1e5:cafe::2:25...
telnet: connect to address 2a01:348:1e5:cafe::2:25: Connection refused
telnet: Unable to connect to remote host
$ telnet 2a01:348:1e5:cafe::25 25
Trying 2a01:348:1e5:cafe::25...
telnet: connect to address 2a01:348:1e5:cafe::25: Connection refused
telnet: Unable to connect to remote host
HE is correct.
This network-tools.webwiz.co.uk is connecting OK see the report:
https://network-tools.webwiz.co.uk/dns-report.htm?domain=saitan%2Eeu&mail=true&IPv6=true
Can you send me the traceroute 2a01:348:1e5:cafe::25
I am not getting any logging that you have attempted to pass my gateway
Edit:
If possible could you please send me an email to admin (at) saitan.eu ?
Thanks
$ traceroute6 2a01:348:1e5:cafe::25
traceroute6 to 2a01:348:1e5:cafe::25 (2a01:348:1e5:cafe::25) from 2001:470:c27d: 18::11, 64 hops max, 12 byte packets
1 ipv6router.sscorp.com 1.014 ms 0.729 ms 0.713 ms
2 servicespring-1.tunnel.tserv9.chi1.ipv6.he.net 33.313 ms 27.833 ms 27.725 ms
3 ge3-4.core1.chi1.he.net 23.892 ms 27.881 ms 24.920 ms
4 100ge5-2.core1.nyc4.he.net 45.579 ms 40.182 ms 46.639 ms
5 10ge4-1.core1.nyc5.he.net 46.868 ms 43.634 ms 46.803 ms
6 2001:504:17:115::227 40.335 ms 63.033 ms 41.015 ms
7 ge-1-1-11-0.edge00.thn.uk.hso-group.net 122.601 ms 114.687 ms 114.157 ms
8 xe-8-3.core00.thn.uk.hso-group.net 122.647 ms 112.839 ms 118.600 ms
9 xe-4-1.core00.thw.uk.hso-group.net 130.524 ms 121.278 ms 157.215 ms
10 gblon02.sixxs.net 117.406 ms 112.898 ms 112.826 ms
11 gw-547.lon-02.gb.sixxs.net 114.533 ms 119.657 ms 115.030 ms
Stops there
Why not use HE for a tunnel?
Thanks!!
I will open a ticket with Sixxs
HE does not support AYIYA and I don't have a connection with fixed IP. Actually, my ISP may sometimes changes my IP several times during the day.
Edit:
SIXXS looked at your traceroute and said that the problem must be with my firewall, but I am puzzled of why
https://network-tools.webwiz.co.uk/dns-report.htm?domain=saitan%2Eeu&mail=true&IPv6=true (https://network-tools.webwiz.co.uk/dns-report.htm?domain=saitan%2Eeu&mail=true&IPv6=true) works OK and IPv6 enabled mail clients (like mail.google.com) sends me email OK, so they must be finding my AAAA MX record somehow.
I managed to do a tcpdump of my side of the tunnel and I can see my DNS is replying OK to the webpage. The dump is here: https://goo.gl/7SpxW9 (https://goo.gl/7SpxW9).
I can traceroute ICMP UDP and TCP from my DNS server to HE web page with no problem:
traceroute to 2001:470:0:9d::2 (2001:470:0:9d::2), 30 hops max, 80 byte packets
1 banana.saitan.eu (2a01:348:1e5:cafe::feed) 80.464 ms 87.302 ms 95.809 ms
2 gw-547.lon-02.gb.sixxs.net (2a01:348:6:222::1) 99.247 ms 116.230 ms 116.768 ms
3 gblon02.sixxs.net (2a01:348:0:4:0:3:1:1) 117.282 ms 119.235 ms 119.779 ms
4 ge-0-0-5-20.cs0.thw.uk.goscomb.net (2a01:348:0:4:0:3:0:1) 127.777 ms 138.860 ms 139.397 ms
5 xe-3-1.core00.the.uk.hso-group.net (2a01:348::65:0:1) 124.263 ms 124.768 ms 125.279 ms
6 ae-1.core00.thn.uk.hso-group.net (2a01:348::80:0:1) 123.466 ms 59.223 ms 85.267 ms
7 lonap.he.net (2001:7f8:17::1b1b:1) 81.096 ms 52.957 ms 53.756 ms
8 10ge2-9.core1.lon2.he.net (2001:470:0:2cd::1) 54.564 ms 89.299 ms 89.829 ms
9 100ge1-1.core1.nyc4.he.net (2001:470:0:2cf::2) 177.776 ms 195.676 ms 196.277 ms
10 100ge7-2.core1.chi1.he.net (2001:470:0:298::1) 196.847 ms 197.382 ms 232.448 ms
11 10ge15-2.core1.den1.he.net (2001:470:0:1af::2) 233.434 ms 180.107 ms 180.899 ms
12 10ge13-1.core1.lax2.he.net (2001:470:0:15d::2) 207.686 ms 183.257 ms 184.042 ms
13 100ge2-1.core1.lax1.he.net (2001:470:0:72::1) 190.225 ms 186.823 ms 199.987 ms
14 tserv1.lax1.he.net (2001:470:0:9d::2) 191.634 ms 183.053 ms 186.570 ms
::)
I had a firewall rule that blocked UDP traceroute from the outside, as soon as I fixed it is now working.
Dunno what traceroute has to do with finding AAAA for MX record, but anyway I am no longer stuck at enthusiast level
existence of a dns record doesn't mean connectivity.....