Text only | Text with Images

Hurricane Electric's IPv6 Tunnel Broker Forums

IPv6 Certification Program Topics => General Discussion => Topic started by: doofnet on July 16, 2009, 02:37:31 AM

Title: MX RDNS Issue
Post by: doofnet on July 16, 2009, 02:37:31 AM
As far as I can see i've got it setup and working, even setup IPv6 on the nameservers and it still doesnt work, can anyone provide some insight?

$ dig +short mx mythtv.tensixtyone.com
5 mythtv.tensixtyone.com.
$ dig +short aaaa mythtv.tensixtyone.com
2001:470:1f09:1b1::4
$ dig +short -x 2001:470:1f09:1b1::4
mythtv.tensixtyone.com.
Title: Re: MX RDNS Issue
Post by: bpier on July 16, 2009, 07:12:30 AM
Huh?
Looks good to me; I tested your dig commands and got the same results.

Bill
Title: Re: MX RDNS Issue
Post by: rpuckett on July 19, 2009, 10:01:07 PM
I can verify that forward and reverse dns works on my local lan:

$ dig whats4dinner.chickenkiller.com MX +short
10 mail.whats4dinner.chickenkiller.com.

$ dig mail.whats4dinner.chickenkiller.com AAAA +short
2001:470:f177:4:20e:b6ff:fe25:db65

$ dig -x 2001:470:f177:4:20e:b6ff:fe25:db65 +short
mail.whats4dinner.chickenkiller.com.

$ dig ns1.whats4dinner.chickenkiller.com AAAA +short
2001:470:f177::1

The "whats4dinner" domain is hosted off of external ipv4 servers but the hosting company does allow adding AAAA records. So all the forward lookups are coming from them and seem to work. I gather that rDNS would from he.net would go to these external nameservers to obtain the ip of my nameserver that is handling the IPv6 PTR records, but I never see any inbound domain lookup on my nameserver (verifying with tcpdump).

Does anyone know of a IPv6 recusive nameserver like opendns that I can use to verify how the Interwebs see me vs. local lan?
Title: Re: MX RDNS Issue
Post by: dataless on July 20, 2009, 01:11:56 PM
OpenDNS gives IPv6 responses.

dig ns1.whats4dinner.chickenkiller.com AAAA +short @208.67.222.222
2001:470:f177::1

Or are you wanting a strictly IPv6 NS to check?
Title: Re: MX RDNS Issue
Post by: broquea on July 21, 2009, 04:43:37 PM
Server that tests for the data doesn't have a problem looking up your MX, getting the AAAA and looking up the rDNS entry for the IPv6 address.

Is this still an issue?
Title: Re: MX RDNS Issue
Post by: doofnet on July 23, 2009, 01:25:11 AM
I still have the issue, can HE tell me what email address its trying to check?
Title: Re: MX RDNS Issue
Post by: rpuckett on July 26, 2009, 08:34:35 AM
Still having issues.

I still get the red "Your MX does not appear to have working RDNS" but I have verified via http://www.potaroo.net/cgi-bin/ipv6addr that RDNS is working.

I don't suppose there's a way to look at previous settings that I used in past certs to see if a parameter is causing the foo-barring?
Title: Re: MX RDNS Issue
Post by: dataless on July 26, 2009, 01:37:21 PM
I wonder if it's due to the fact your NS's aren't IPv6..

A whois of chickenkiller.com gives;

   Domain Name: CHICKENKILLER.COM
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com
   Name Server: NS1.AFRAID.ORG
   Name Server: NS2.AFRAID.ORG
   Name Server: NS3.AFRAID.ORG
   Name Server: NS4.AFRAID.ORG
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 27-dec-2008
   Creation Date: 26-dec-2000
   Expiration Date: 26-dec-2009


# dig NS1.AFRAID.ORG AAAA +short
# dig NS2.AFRAID.ORG AAAA +short
# dig NS3.AFRAID.ORG AAAA +short
# dig NS4.AFRAID.ORG AAAA +short

No AAAA's for any of them.  Even though they give out IPv6 responses the only way to contact them is via IP4..  Maybe that's causing the failure.

Someone from HE could likely tell you for sure if that is the problem.
Text only | Text with Images