All,
Is there a problem with the RDNS test, or can we get more verbose output on what it thinks is the problem?
I'm assuming it correctly remembers the domain from the mail and html tests, as there's no input for it, nor output of what it's testing.
For the tachyon6.net domain, and querying the anycast DNS server provided by HE:
netadmin@sirius:~$ dig mx tachyon6.net @2001:470:20::2 +short
10 barnard.tachyon6.net.
0 barnard.tachyon6.net.
netadmin@sirius:~$ dig aaaa barnard.tachyon6.net @2001:470:20::2 +short
2001:470:1f11:1ee:0:1:0:1919
netadmin@sirius:~$ dig -x 2001:470:1f11:1ee:0:1:0:1919 @2001:470:20::2 +short
barnard.tachyon6.net.
I looked at my firewall logs (which log both permits and denies for this), and nothing is querying my DNS server directly.
I set this up more than a week ago and finally got around to posting, so it's not a caching issue.
Thoughts?
I don't remember: does the RDNS test rely on MX?
dig aaaa @2001:470:20::2 tachyon6.net +short
returns nothing.
Works for me here:
; <<>> DiG 9.4.3-P1 <<>> -x 2001:470:1f11:1ee:0:1:0:1919
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31237
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;9.1.9.1.0.0.0.0.1.0.0.0.0.0.0.0.e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR
;; ANSWER SECTION:
9.1.9.1.0.0.0.0.1.0.0.0.0.0.0.0.e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 604800 IN PTR barnard.tachyon6.net.
;; AUTHORITY SECTION:
e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 604800 IN NS sirius.
;; Query time: 1230 msec
;; SERVER: 192.168.0.3#53(192.168.0.3)
;; WHEN: Sun Aug 30 07:30:39 2009
;; MSG SIZE rcvd: 144
Here's a trace:
; <<>> DiG 9.4.3-P1 <<>> -x 2001:470:1f11:1ee:0:1:0:1919 +trace
;; global options: printcmd
. 420064 IN NS I.ROOT-SERVERS.NET.
. 420064 IN NS J.ROOT-SERVERS.NET.
. 420064 IN NS L.ROOT-SERVERS.NET.
. 420064 IN NS G.ROOT-SERVERS.NET.
. 420064 IN NS B.ROOT-SERVERS.NET.
. 420064 IN NS A.ROOT-SERVERS.NET.
. 420064 IN NS E.ROOT-SERVERS.NET.
. 420064 IN NS F.ROOT-SERVERS.NET.
. 420064 IN NS D.ROOT-SERVERS.NET.
. 420064 IN NS C.ROOT-SERVERS.NET.
. 420064 IN NS M.ROOT-SERVERS.NET.
. 420064 IN NS H.ROOT-SERVERS.NET.
. 420064 IN NS K.ROOT-SERVERS.NET.
;; Received 512 bytes from 192.168.0.3#53(192.168.0.3) in 13 ms
ip6.arpa. 172800 IN NS NS-SEC.RIPE.NET.
ip6.arpa. 172800 IN NS TINNIE.ARIN.NET.
ip6.arpa. 172800 IN NS NS.ICANN.ORG.
ip6.arpa. 172800 IN NS NS2.LACNIC.NET.
ip6.arpa. 172800 IN NS SEC1.APNIC.NET.
;; Received 221 bytes from 2001:503:ba3e::2:30#53(A.ROOT-SERVERS.NET) in 16 ms
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN NS ns3.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN NS ns5.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN NS ns2.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN NS ns4.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN NS ns1.he.net.
;; Received 186 bytes from 2001:610:240:0:53::4#53(NS-SEC.RIPE.NET) in 161 ms
e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 4900 IN NS sirius.tachyon6.net.
;; Received 123 bytes from 2001:470:400::2#53(ns4.he.net) in 101 ms
9.1.9.1.0.0.0.0.1.0.0.0.0.0.0.0.e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 604800 IN PTR barnard.tachyon6.net.
e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 604800 IN NS sirius.
;; Received 144 bytes from 2001:470:1f11:1ee:0:1:0:3535#53(sirius.tachyon6.net) in 174 ms
I did notice that lame delegation on sirius though (bolded above). This could be causing the test to fail even though it seems to ultimately resolve for me. You need to specify a FQDN for your NS record there.
Verified here:
; <<>> DiG 9.4.3-P1 <<>> @sirius.tachyon6.net e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. ns
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56390
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. IN NS
;; ANSWER SECTION:
e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 604800 IN NS sirius.
;; Query time: 180 msec
;; SERVER: 2001:470:1f11:1ee:0:1:0:3535#53(2001:470:1f11:1ee:0:1:0:3535)
;; WHEN: Sun Aug 30 07:42:46 2009
;; MSG SIZE rcvd: 78
Too bad you have your TTL set for seven days on that NS though. Might take HE (and everyone else) a while to time that out even after you fix that NS record. :P
Also, an MX record has nothing to do with RDNS.
Quote from: jimb on August 30, 2009, 07:37:32 AM
Works for me here:
I did notice that lame delegation on sirius though (bolded above). This could be causing the test to fail even though it seems to ultimately resolve for me. You need to specify a FQDN for your NS record there.
[snip]
Too bad you have your TTL set for seven days on that NS though. Might take HE (and everyone else) a while to time that out even after you fix that NS record. :P
[snip]
Also, an MX record has nothing to do with RDNS.
Thanks for the input. I'm not doing any sub-delegation from what HE delegates to me, but I'll double-check the zone files and fully qualify anything for that.
TTL was at BIND9's default... normally that would be fine, but I'll give it a shot.
I know an MX record has nothing to do with RDNS, but it *does* have everything to do with this test, as it's checking for reverse DNS for your mail server.
Thanks again,
Joel
Lame delegation wasn't the right term I guess, since you're not delegating it. Just a bad NS record on your server.
Well, I updated the NS record to be an FQDN and I see it on the primary NS server, but I still get the "Your MX does not have valid RDNS" message when I check it.
joel@maestro:~$ dig mx tachyon6.net @2001:470:20::2 +short
10 barnard.tachyon6.net.
0 barnard.tachyon6.net.
joel@maestro:~$ dig aaaa barnard.tachyon6.net @2001:470:20::2 +short
2001:470:1f11:1ee:0:1:0:1919
joel@maestro:~$ dig -x 2001:470:1f11:1ee:0:1:0:1919 @2001:470:20::2 +short
barnard.tachyon6.net.
joel@maestro:~$ dig -x 2001:470:1f11:1ee:0:1:0:1919 @2001:470:20::2 +trace
; <<>> DiG 9.5.1-P2 <<>> -x 2001:470:1f11:1ee:0:1:0:1919 @2001:470:20::2 +trace
;; global options: printcmd
. 3591667 IN NS d.root-servers.net.
. 3591667 IN NS j.root-servers.net.
. 3591667 IN NS f.root-servers.net.
. 3591667 IN NS a.root-servers.net.
. 3591667 IN NS m.root-servers.net.
. 3591667 IN NS i.root-servers.net.
. 3591667 IN NS g.root-servers.net.
. 3591667 IN NS k.root-servers.net.
. 3591667 IN NS e.root-servers.net.
. 3591667 IN NS c.root-servers.net.
. 3591667 IN NS h.root-servers.net.
. 3591667 IN NS b.root-servers.net.
. 3591667 IN NS l.root-servers.net.
;; Received 512 bytes from 2001:470:20::2#53(2001:470:20::2) in 108 ms
ip6.arpa. 172800 IN NS SEC1.APNIC.NET.
ip6.arpa. 172800 IN NS NS-SEC.RIPE.NET.
ip6.arpa. 172800 IN NS TINNIE.ARIN.NET.
ip6.arpa. 172800 IN NS NS.ICANN.ORG.
ip6.arpa. 172800 IN NS NS2.LACNIC.NET.
;; Received 221 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 167 ms
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN NS ns2.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN NS ns1.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN NS ns5.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN NS ns4.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN NS ns3.he.net.
;; Received 186 bytes from 2001:610:240:0:53::4#53(NS-SEC.RIPE.NET) in 205 ms
e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 4900 IN NS sirius.tachyon6.net.
;; Received 123 bytes from 2001:470:400::2#53(ns4.he.net) in 127 ms
9.1.9.1.0.0.0.0.1.0.0.0.0.0.0.0.e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 604800 IN PTR barnard.tachyon6.net.
e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 604800 IN NS sirius.tachyon6.net.
;; Received 173 bytes from 2001:470:1f11:1ee:0:1:0:3535#53(sirius.tachyon6.net) in 2 ms
joel@maestro:~$
However, I noticed I do get SERVFAILS from HE's ns2 server: it can't resolve anything, and won't do recursion to validate anything.
NS2 seems to have issues, or is configured to be internal only to HE.
joel@maestro:~$ dig mx tachyon6.net @2001:470:200::2
; <<>> DiG 9.5.1-P2 <<>> mx tachyon6.net @2001:470:200::2
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39495
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;tachyon6.net. IN MX
;; Query time: 163 msec
;; SERVER: 2001:470:200::2#53(2001:470:200::2)
;; WHEN: Mon Aug 31 00:10:51 2009
;; MSG SIZE rcvd: 30
joel@maestro:~$ dig aaaa barnard.tachyon6.net @2001:470:200::2
; <<>> DiG 9.5.1-P2 <<>> aaaa barnard.tachyon6.net @2001:470:200::2
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4537
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;barnard.tachyon6.net. IN AAAA
;; Query time: 163 msec
;; SERVER: 2001:470:200::2#53(2001:470:200::2)
;; WHEN: Mon Aug 31 00:11:11 2009
;; MSG SIZE rcvd: 38
joel@maestro:~$ dig -x 2001:470:1f11:1ee:0:1:0:1919 @2001:470:200::2
; <<>> DiG 9.5.1-P2 <<>> -x 2001:470:1f11:1ee:0:1:0:1919 @2001:470:200::2
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27730
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;9.1.9.1.0.0.0.0.1.0.0.0.0.0.0.0.e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR
;; AUTHORITY SECTION:
e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 4900 IN NS sirius.tachyon6.net.
;; Query time: 165 msec
;; SERVER: 2001:470:200::2#53(2001:470:200::2)
;; WHEN: Mon Aug 31 00:11:18 2009
;; MSG SIZE rcvd: 123
joel@maestro:~$
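An added example, not part of the original thread: the MX -> AAAA -> PTR chain the posters walk through by hand with dig, run offline over a constructed record set in dig answer format, plus a check that flags single-label targets like the `sirius.` NS record. The function names and the MX/AAAA TTLs are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in dig answer format, built from records shown in the
# thread. The MX/AAAA TTLs are assumed (the thread used +short for those).
SAMPLE = """\
tachyon6.net. 3600 IN MX 10 barnard.tachyon6.net.
tachyon6.net. 3600 IN MX 0 barnard.tachyon6.net.
barnard.tachyon6.net. 3600 IN AAAA 2001:470:1f11:1ee:0:1:0:1919
9.1.9.1.0.0.0.0.1.0.0.0.0.0.0.0.e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 604800 IN PTR barnard.tachyon6.net.
e.e.1.0.1.1.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 604800 IN NS sirius.
"""

def parse(text):
    """Return {(owner, rtype): [rdata, ...]} from dig-style answer lines."""
    records = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue  # skip blanks and dig comment/question lines
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.setdefault((owner.lower(), rtype.upper()), []).append(rdata.strip())
    return records

def check_mx_rdns(domain, records):
    """Walk MX -> AAAA -> PTR; True only if a PTR names the MX host again."""
    results = []
    for mx in records.get((domain.lower(), "MX"), []):
        host = mx.split()[1].lower()
        addrs = records.get((host, "AAAA"), [])
        if not addrs:
            results.append((host, None, False))  # MX host has no AAAA
        for addr in addrs:
            # ipaddress builds the nibble-reversed ip6.arpa owner name
            rname = ipaddress.ip_address(addr).reverse_pointer + "."
            ptrs = [p.lower() for p in records.get((rname, "PTR"), [])]
            results.append((host, addr, host in ptrs))
    return results

def single_label_targets(records):
    """Flag NS/MX/PTR targets with a single label, such as 'sirius.'."""
    flagged = []
    for (owner, rtype), rdatas in records.items():
        if rtype in ("NS", "MX", "PTR"):
            for rdata in rdatas:
                target = rdata.split()[-1]
                if "." not in target.rstrip("."):
                    flagged.append((owner, rtype, target))
    return flagged

RECORDS = parse(SAMPLE)
if __name__ == "__main__":
    print(check_mx_rdns("tachyon6.net.", RECORDS))
    print(single_label_targets(RECORDS))
```

To check live data, feed `parse()` the answer lines from `dig +noall +answer` instead of the sample.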