• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Professional Cert test: Failed to get AAAA from MX or your DOMAIN

Started by oldsoldier, March 09, 2012, 10:59:59 AM


oldsoldier

Like the title says I am having issues with the Professional Cert Test. This post is a bit long so I appreciate your patience. I'm trying to actually learn rather than ask for "the answer" or complain.


Originally I thought the problem might be that my registrar doesn't have AAAA records for their name servers. A quick IRC chat gave me that thought and after looking around and doing some google searches it seems that register.com doesn't provide IPV6 glue.

So I change my NS to he.net DNS services. Of course this meant that I would have to wait for the TTL to expire. While waiting for the TTL to expire I remove ns1.he.net (probably a bonehead move -- as we'll see below).
TTL expires and I can't get +short answers in dig unless I specify a global ns. This actually makes sense to me so I put ns1.he.net back into my DNS settings. Looks like I need to wait for TTL to expire (again).

So here are my questions so that you might be able to help me wrap my head around this and complete this cert level as well as learn some IPV6 :)

Since I can dig and get my MX record and IPv6 address for my mailserver, I know that this is set up right --

dig @ns2.he.net mx reboot-n.com +short
0 mail.reboot-n.com.


dig AAAA @ns2.he.net mail.reboot-n.com +short
2605:2700:0:5::4713:96db

OK now is where I have a bit of confusion and need some help/explanations.

If I dig -x 2605:2700:0:5::4713:96db I get the following:
; <<>> DiG 9.7.3 <<>> -x 2605:2700:0:5::4713:96db
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8177
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;b.d.6.9.3.1.7.4.0.0.0.0.0.0.0.0.5.0.0.0.0.0.0.0.0.0.7.2.5.0.6.2.ip6.arpa. IN PTR

;; AUTHORITY SECTION:
0.0.7.2.5.0.6.2.ip6.arpa. 2149 IN SOA ns.prgmr.com. lsc.prgmr.com. 2011120722 3600 900 3600000 3600

;; Query time: 87 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Fri Mar  9 12:43:39 2012
;; MSG SIZE  rcvd: 142

Yes the box is on prgmr.com and I set the rdns to point to mail.reboot-n.com.

Is this what is causing my failure on the test?

Incidentally, doing a +short query just returns a command prompt. That is why I pasted the full output.
Next: should I have a PTR for mail.reboot-n.com? Or is this "wrong" and what is breaking my config?

dig PTR mail.reboot-n.com +short
reboot-n.com.



cholzhauer

Where are you hosting your reverse lookups at?

I don't use HE for DNS, but I assume they will do that for you

oldsoldier

Quote from: cholzhauer on March 09, 2012, 11:52:12 AM
Where are you hosting your reverse lookups at?

I don't use HE for DNS, but I assume they will do that for you

Since the IPV4 IP address actually belongs to prgmr.com the rDNS is done by them (I am allowed to set the rDNS as long as I have forward DNS, to prevent shenanigans). It is very unlikely they will delegate it.

cholzhauer

Quote
Since the IPV4 IP address actually belongs to prgmr.com the rDNS is done by them

Completely separate.

My ISP also hosts my reverse lookups for my IPv4 stuff, but they have no way of knowing my IPv6 stuff; I host that, and HE delegates that to you. 

oldsoldier

Quote from: cholzhauer on March 09, 2012, 12:26:11 PM
Quote
Since the IPV4 IP address actually belongs to prgmr.com the rDNS is done by them

Completely separate.

My ISP also hosts my reverse lookups for my IPv4 stuff, but they have no way of knowing my IPv6 stuff; I host that, and HE delegates that to you.

Ah, so I had my head wrapped around it from the wrong angle...
Let me get this straight:
If I create a reverse zone for 2605:2700:0:5::4713:96DB on he.net's DNS, I should be able to continue the certs?

cholzhauer


oldsoldier

Thanks for pointing me in the right direction. I really appreciate it, this whole journey into IPV6 has been quite educational!

ETA: I requested a /64 from prgmr.com and once I get that configured I'll try again. Thanks for the help!
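
An added example, not part of the thread or of Hurricane Electric's tooling: this Python code derives the ip6.arpa name shown in the dig question section above and works out which reverse zone is responsible for it. The /64 prefix used here is an assumption (the /64 containing the address in the thread, chosen only to show how a delegated reverse zone would be named), and the helper names are made up for this example.

```python
from __future__ import annotations
import ipaddress

def ptr_name(addr: str) -> str:
    """Nibble-reversed ip6.arpa owner name where the PTR record must live."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."

def reverse_zone(prefix: str) -> str:
    """ip6.arpa zone name for a prefix cut on a nibble (4-bit) boundary."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen % 4:
        raise ValueError("ip6.arpa zones are delegated on 4-bit boundaries")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def _labels(name: str) -> list[str]:
    return name.lower().rstrip(".").split(".")

def enclosing_zone(name: str, zones: list[str]) -> str | None:
    """Most specific zone in `zones` that `name` falls under, or None."""
    labels = _labels(name)
    matches = [z for z in zones if labels[-len(_labels(z)):] == _labels(z)]
    return max(matches, key=lambda z: len(_labels(z)), default=None)

ADDR = "2605:2700:0:5::4713:96db"      # address from the thread
SOA_ZONE = "0.0.7.2.5.0.6.2.ip6.arpa."  # SOA owner in the dig AUTHORITY section
ASSUMED_64 = "2605:2700:0:5::/64"       # assumption: /64 containing ADDR

if __name__ == "__main__":
    name = ptr_name(ADDR)
    print("PTR owner name :", name)
    # With only the provider's /32 zone in existence, that zone answers
    # (here with NXDOMAIN, since it holds no PTR for this name).
    print("answers today  :", enclosing_zone(name, [SOA_ZONE]))
    # If a /64 were delegated, the longer zone becomes responsible and
    # the PTR record has to be created there.
    z64 = reverse_zone(ASSUMED_64)
    print("after /64 deleg:", enclosing_zone(name, [SOA_ZONE, z64]))
```
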