As far as I can see I've got it set up and working, even set up IPv6 on the nameservers and it still doesn't work, can anyone provide some insight?
$ dig +short mx mythtv.tensixtyone.com
5 mythtv.tensixtyone.com.
$ dig +short aaaa mythtv.tensixtyone.com
2001:470:1f09:1b1::4
$ dig +short -x 2001:470:1f09:1b1::4
mythtv.tensixtyone.com.
Huh?
Looks good to me; I tested your dig commands and got the same results.
Bill
I can verify that forward and reverse dns works on my local lan:
$ dig whats4dinner.chickenkiller.com MX +short
10 mail.whats4dinner.chickenkiller.com.
$ dig mail.whats4dinner.chickenkiller.com AAAA +short
2001:470:f177:4:20e:b6ff:fe25:db65
$ dig -x 2001:470:f177:4:20e:b6ff:fe25:db65 +short
mail.whats4dinner.chickenkiller.com.
$ dig ns1.whats4dinner.chickenkiller.com AAAA +short
2001:470:f177::1
The "whats4dinner" domain is hosted off of external IPv4 servers but the hosting company does allow adding AAAA records. So all the forward lookups are coming from them and seem to work. I gather that rDNS from he.net would go to these external nameservers to obtain the IP of my nameserver that is handling the IPv6 PTR records, but I never see any inbound domain lookup on my nameserver (verifying with tcpdump).
Does anyone know of an IPv6 recursive nameserver like OpenDNS that I can use to verify how the Interwebs see me vs. local LAN?
OpenDNS gives IPv6 responses.
dig ns1.whats4dinner.chickenkiller.com AAAA +short @208.67.222.222
2001:470:f177::1
Or are you wanting a strictly IPv6 NS to check?
Server that tests for the data doesn't have a problem looking up your MX, getting the AAAA and looking up the rDNS entry for the IPv6 address.
Is this still an issue?
I still have the issue, can HE tell me what email address it's trying to check?
Still having issues.
I still get the red "Your MX does not appear to have working RDNS" but I have verified via http://www.potaroo.net/cgi-bin/ipv6addr that RDNS is working.
I don't suppose there's a way to look at previous settings that I used in past certs to see if a parameter is causing the foo-barring?
I wonder if it's due to the fact your NS's aren't IPv6..
A whois of chickenkiller.com gives:
Domain Name: CHICKENKILLER.COM
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com
Name Server: NS1.AFRAID.ORG
Name Server: NS2.AFRAID.ORG
Name Server: NS3.AFRAID.ORG
Name Server: NS4.AFRAID.ORG
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 27-dec-2008
Creation Date: 26-dec-2000
Expiration Date: 26-dec-2009
# dig NS1.AFRAID.ORG AAAA +short
# dig NS2.AFRAID.ORG AAAA +short
# dig NS3.AFRAID.ORG AAAA +short
# dig NS4.AFRAID.ORG AAAA +short
No AAAA's for any of them. Even though they give out IPv6 responses the only way to contact them is via IPv4. Maybe that's causing the failure.
Someone from HE could likely tell you for sure if that is the problem.
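
The chain this thread checks by hand with dig (MX, then AAAA, then PTR back to the MX name, plus whether the zone's nameservers have AAAA records), as an added example that is not part of any post above. It runs over a constructed record set copied from the lookups quoted in the thread rather than live DNS, and the function names are hypothetical.

```python
import ipaddress

MX_HOST = "mail.whats4dinner.chickenkiller.com."
MX_ADDR = "2001:470:f177:4:20e:b6ff:fe25:db65"

def ptr_name(addr):
    """ip6.arpa owner name (nibble format) for an IPv6 address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

# Constructed records mirroring the dig/whois output in the thread (not live DNS).
RECORDS = {
    ("whats4dinner.chickenkiller.com.", "MX"): ["10 " + MX_HOST],
    (MX_HOST, "AAAA"): [MX_ADDR],
    (ptr_name(MX_ADDR), "PTR"): [MX_HOST],
    ("chickenkiller.com.", "NS"): ["ns%d.afraid.org." % i for i in range(1, 5)],
}

def lookup(records, name, rtype):
    """Case-insensitive lookup; an absent record set is an empty answer."""
    return records.get((name.lower(), rtype), [])

def check_mx_rdns(records, domain):
    """Return (mx_host, address, status) for every MX/AAAA pair of domain."""
    results = []
    for rr in lookup(records, domain, "MX"):
        host = rr.split()[1].lower()          # "10 mail.example." -> host part
        addrs = lookup(records, host, "AAAA")
        if not addrs:
            results.append((host, None, "no AAAA"))
        for addr in addrs:
            ptrs = [p.lower() for p in lookup(records, ptr_name(addr), "PTR")]
            if not ptrs:
                status = "no PTR"
            elif host in ptrs:
                status = "ok"                 # PTR points back at the MX name
            else:
                status = "PTR mismatch"
            results.append((host, addr, status))
    return results

def ns_without_aaaa(records, zone):
    """Nameservers of zone with no AAAA record, i.e. reachable over IPv4 only."""
    return [ns for ns in lookup(records, zone, "NS")
            if not lookup(records, ns, "AAAA")]

if __name__ == "__main__":
    print(check_mx_rdns(RECORDS, "whats4dinner.chickenkiller.com."))
    print(ns_without_aaaa(RECORDS, "chickenkiller.com."))
```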