• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Difficulty passing Administrator test

Started by jasc22, April 28, 2011, 10:31:27 AM


jasc22

Hello All, I am using Ubuntu - Postfix - Dovecot. I was not receiving internal emails, which is now fixed. The strange thing is tcpdump shows that the email from HE is being sent to the tunnel endpoint. Do I need a route from the tunnel endpoint to the host? (I'm using the same host for the test that the tunnel is configured on.) Below is my DNS info. Any help will be greatly appreciated!! Thx!!

; <<>> DiG 9.7.1-P2 <<>> jasc22.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42735
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;jasc22.com.         IN   ANY

;; ANSWER SECTION:
jasc22.com.      86400   IN   SOA   ns1.he.net. hostmaster.he.net. 2011042603 10800 1800 604800 86400
jasc22.com.      86400   IN   MX   10 5103.jasc22.com.
jasc22.com.      82230   IN   AAAA   2001:470:d:ee7::2
jasc22.com.      86400   IN   NS   ns4.he.net.
jasc22.com.      86400   IN   NS   ns3.he.net.
jasc22.com.      86400   IN   NS   ns5.he.net.
jasc22.com.      86400   IN   NS   ns2.he.net.
jasc22.com.      86400   IN   NS   ns1.he.net.

;; Query time: 54 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Thu Apr 28 10:20:02 2011
;; MSG SIZE  rcvd: 220

Routing table -

2001:470:c:ee7::/64            ::                         Un   256 0     0 he-ipv6
2001:470:d:ee7::/64            ::                         U    256 0     0 eth1
fe80::/64                      ::                         U    256 0     0 eth1
fe80::/64                      ::                         Un   256 0     0 he-ipv6
::/0                           ::                         U    1024 0     0 he-ipv6
::/0                           ::                         !n   -1  1   199 lo
::1/128                        ::                         Un   0   2    31 lo
2001:470:c:ee7::2/128          ::                         Un   0   1  1186 lo
2001:470:d:ee7::2/128          ::                         Un   0   1   267 lo
fe80::6369:6bb5/128            ::                         Un   0   1     0 lo
fe80::e22a:82ff:fe3a:c791/128  ::                         Un   0   1     0 lo
ff00::/8                       ::                         U    256 0     0 eth1
ff00::/8                       ::                         U    256 0     0 he-ipv6
::/0                           ::                         !n   -1  1   199 lo

cholzhauer

I assume the 2001:470:d:ee7::2 you're using is out of your routed /64?


jasc22

@cholzhauer - Thx for your reply. Yes, that's correct!! I'm able to get to my web server via IPv6 and DNS-AAAA and MX records all seem to be working fine but not sure what the problem is. Any troubleshooting tips?

broquea

dig aaaa 5103.jasc22.com +trace doesn't return a result when checking any of the listed auth ns.

And there is no AAAA record in your zonefile in dns.he.net for 5103.jasc22.com, as you pasted.

~$ host 5103.jasc22.com
Host 5103.jasc22.com not found: 3(NXDOMAIN)

jasc22

thx @broquea!!! I changed the AAAA to point to 5103.jasc22.com which now resolves to the IP. However, when I run dig aaaa 5103.jasc22.com +trace, I still do not get anything. Any tips that you could provide? thx!!

broquea

Think there is another problem:

$ telnet  5103.jasc22.com 25
Trying 2001:470:d:ee7::2...
telnet: Unable to connect to remote host: Connection refused

jasc22

thx broquea!! I figured that out and fixed the issue. I am now able to send email internally but still having issues sending externally. Checking logs to see what is going on.

jasc22

broquea - I fixed most of my config issues. I am now able to receive internal emails but not external. I tried from gmail as well but no luck. Having issues with DNS and name servers. Any other troubleshooting tips that you can provide will be greatly appreciated. thx!

cholzhauer

Check DNS


[carl@mars ~]$ host 5103.jasc22.com
Host 5103.jasc22.com not found: 3(NXDOMAIN)


jasc22

thx cholzhauer - I checked below and it resolves to the IP. Thoughts?

s733l@5103:/var/log$ host 5103.jasc22.com
5103.jasc22.com has IPv6 address 2001:470:d:ee7::2

cholzhauer

It's resolving now.


[carl@mars ~]$ host 5103.jasc22.com
5103.jasc22.com has IPv6 address 2001:470:d:ee7::2


But, you have another issue


[carl@mars ~]$ telnet  5103.jasc22.com 25
Trying 2001:470:d:ee7::2...
telnet: connect to address 2001:470:d:ee7::2: Connection refused
telnet: Unable to connect to remote host


Either your mail server isn't listening on IPv6 or your firewall is blocking traffic.  You say it works internally, so I would look at the firewall.


jasc22

thx much cholzhauer!!! It's strange... my system is on the DMZ and I'm allowing SMTP. However, when I run a portscan it's showing up as closed. Very strange. Can't seem to figure this one out. Does anybody know if ATT blocks SMTP inbound? When I check the logs, I am not seeing any traffic on port 25.


Starting Nmap 5.00 ( http://nmap.org ) at 2011-04-29 12:08 PDT
Interesting ports on jasc22.com (2001:470:d:ee7::2):
Not shown: 997 filtered ports
PORT    STATE  SERVICE
25/tcp  closed smtp
80/tcp  open   http
143/tcp open   imap

Nmap done: 1 IP address (1 host up) scanned in 6.31 seconds


cholzhauer

I can see ATT blocking SMTP on IPv4, but I can't imagine they'd be doing it on IPv6.  Who knows though.

jasc22

thx cholzhauer!! I tried sending myself an email on IPv4 from gmail but that does not seem to be working either. Does anybody know if it's possible to complete this test using godaddy's email service? Stumped!!!

johnpoz

Besides the point that it looks like 25 is blocked, sorry, but I still cannot resolve the MX record to that host sometimes, so that could be causing you pain in trying to send email as well.

And I found your problem with the resolving problem

You have these listed as NS

;; Received 493 bytes from 2001:dc3::35#53(m.root-servers.net) in 100 ms

jasc22.com.             172800  IN      NS      ns1.he.net.
jasc22.com.             172800  IN      NS      ns2.he.net.
jasc22.com.             172800  IN      NS      ns3.he.net.
jasc22.com.             172800  IN      NS      ns4.he.net.
jasc22.com.             172800  IN      NS      ns5.he.net.
jasc22.com.             172800  IN      NS      ns71.domaincontrol.com.
jasc22.com.             172800  IN      NS      ns72.domaincontrol.com.

And notice that the he.net ones return AAAA

5103.jasc22.com.        86400   IN      AAAA    2001:470:d:ee7::2
;; Received 61 bytes from 2001:470:200::2#53(ns2.he.net) in 89 ms

But if domaincontrol gets asked -- you fail on that entry
jasc22.com.             3600    IN      SOA     ns71.domaincontrol.com. dns.jomax.net. 2011042901 28800 7200 604800 86400
;; Received 114 bytes from 208.109.255.46#53(ns72.domaincontrol.com) in 40 ms

All NS listed for a domain need to match up for records or you're going to have issues.  Which NS gets asked is just random luck pretty much.
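
Added example, not part of johnpoz's post: a small Python check for the mismatch described above, comparing what each delegated nameserver returns for one record and listing the servers that lack it. The per-server answers are constructed from the records quoted in this thread; in practice they would be collected with something like `dig +norecurse @<server> 5103.jasc22.com AAAA`, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed per-server answers for "5103.jasc22.com AAAA", modelled on the
# records quoted in the thread (five he.net servers, two domaincontrol ones).
AAAA = "5103.jasc22.com. 86400 IN AAAA 2001:470:d:ee7::2"
SOA = (";; AUTHORITY SECTION:\n"
       "jasc22.com. 3600 IN SOA ns71.domaincontrol.com. dns.jomax.net. "
       "2011042901 28800 7200 604800 86400")
SAMPLE = {f"ns{i}.he.net": AAAA for i in range(1, 6)}
SAMPLE.update({"ns71.domaincontrol.com": SOA, "ns72.domaincontrol.com": SOA})


def parse_rrs(text):
    """Parse dig-style 'name ttl class type rdata' lines; skip ';' comments."""
    rrs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[2].upper() == "IN":
            name, _ttl, _cls, rtype, rdata = parts
            rrs.append((name.lower().rstrip("."), rtype.upper(), rdata.lower()))
    return rrs


def group_by_answer(responses, qname, qtype):
    """Map each distinct rdata set for qname/qtype to the servers returning it."""
    qname, qtype = qname.lower().rstrip("."), qtype.upper()
    groups = defaultdict(list)
    for ns, text in responses.items():
        rdata = frozenset(rd for n, t, rd in parse_rrs(text)
                          if n == qname and t == qtype)
        groups[rdata].append(ns)
    return dict(groups)


def check_delegation(responses, qname, qtype):
    """Return (consistent, servers_without_record)."""
    groups = group_by_answer(responses, qname, qtype)
    missing = sorted(groups.get(frozenset(), []))
    return len(groups) == 1 and not missing, missing


if __name__ == "__main__":
    ok, missing = check_delegation(SAMPLE, "5103.jasc22.com", "AAAA")
    print("consistent:", ok)
    print("no AAAA from:", ", ".join(missing) or "none")
```

A server that answers with only an SOA (no AAAA) lands in the empty group, which is the case a sending mail server hits whenever it happens to query one of the domaincontrol servers.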