Hurricane Electric's IPv6 Tunnel Broker Forums

Author Topic: RDNS for mail server  (Read 6122 times)

derchris

  • Newbie
  • *
  • Posts: 5
RDNS for mail server
« on: August 02, 2012, 07:25:12 AM »

Hi folks,

I got a problem, and was wondering if you could get me some help.
I'm currently trying to do the RDNS mail server test, which is failing with

Code:
Failed to get AAAA from MX or your DOMAIN

Looking at some info from here, this is what it tries to do:

Quote
Professional: Verify that your MTA has working reverse DNS (ex: dig mx $domain +short ; dig aaaa $mx +short ; dig -x $mxAAAA +short)

Now, I get the first 2 things right:

Code:
debian:~# dig mx derchris.eu +short
10 mail.derchris.eu.
debian:~# dig aaaa mail.derchris.eu. +short
2001:4dd0:fd19:fefe::2

But the PTR check fails:

Code:
debian:~# dig -x 2001:4dd0:fd19:fefe::2

; <<>> DiG 9.7.3 <<>> -x 2001:4dd0:fd19:fefe::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4051
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.e.f.e.f.9.1.d.f.0.d.d.4.1.0.0.2.ip6.arpa. IN PTR

;; AUTHORITY SECTION:
ip6.arpa.               1771    IN      SOA     ns.inwx.de. mikael.illdefined.org. 2010111605 10800 3600 604800 3600

;; Query time: 35 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Aug  2 15:16:06 2012
;; MSG SIZE  rcvd: 157

Now, I use INWX.net for all my domains, and also use their NS.
I believe I have set up the correct PTR records there.
As my hoster has no native IPv6, I did set up an old Sixxs tunnel + subnet.
My mail server is running as a Xen VM, and has an IPv6 from my Sixxs subnet.
Ping/Login all is working.

Sixxs asks to add Reverse Delegations on their website, where I added my NS.
However, it seems like I always end up with only the AUTHORITY SECTION from the dig output when I try to query my PTR records.

I do believe that I need to run either my own NS, or some other service where I can edit/add Zone files.
I'm out of ideas at the moment.
Looking at the next levels, I should be able to pass them.
It is just the RDNS at the moment.

Any help much appreciated.

Thanks,
Christian
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2729
Re: RDNS for mail server
« Reply #1 on: August 02, 2012, 07:31:02 AM »

This might be more suited to the SIXXS forums because of the setup required on their side.

I would agree though, you're not getting RDNS for your mail server address.

I haven't used SIXXS in a while, but from what I remember, the RDNS setup "just worked". Does INWX allow you to do RDNS on IPv6?
Logged

derchris

  • Newbie
  • *
  • Posts: 5
Re: RDNS for mail server
« Reply #2 on: August 02, 2012, 07:34:08 AM »

Thanks for the reply.
I would rather not use the Sixxs forum, they are not really "friendly" there.  :)
Apart from that, the only thing you set up for RDNS there is to enter your NS entries, which I did.
As for INWX, I can enter PTR records on the NS config, and their NS are also IPv6, so I would say yes.

Here is another dig +trace, in case this helps:

Code:
debian:~# dig -x 2001:4dd0:fd19:fefe::2 +trace

; <<>> DiG 9.7.3 <<>> -x 2001:4dd0:fd19:fefe::2 +trace
;; global options: +cmd
.                       14794   IN      NS      f.root-servers.net.
.                       14794   IN      NS      g.root-servers.net.
.                       14794   IN      NS      d.root-servers.net.
.                       14794   IN      NS      b.root-servers.net.
.                       14794   IN      NS      e.root-servers.net.
.                       14794   IN      NS      m.root-servers.net.
.                       14794   IN      NS      k.root-servers.net.
.                       14794   IN      NS      a.root-servers.net.
.                       14794   IN      NS      j.root-servers.net.
.                       14794   IN      NS      l.root-servers.net.
.                       14794   IN      NS      h.root-servers.net.
.                       14794   IN      NS      i.root-servers.net.
.                       14794   IN      NS      c.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 6 ms

ip6.arpa.               172800  IN      NS      d.ip6-servers.arpa.
ip6.arpa.               172800  IN      NS      e.ip6-servers.arpa.
ip6.arpa.               172800  IN      NS      c.ip6-servers.arpa.
ip6.arpa.               172800  IN      NS      a.ip6-servers.arpa.
ip6.arpa.               172800  IN      NS      f.ip6-servers.arpa.
ip6.arpa.               172800  IN      NS      b.ip6-servers.arpa.
;; Received 462 bytes from 2001:500:2d::d#53(d.root-servers.net) in 97 ms

0.d.d.4.1.0.0.2.ip6.arpa. 172800 IN     NS      ns1.netcologne.de.
0.d.d.4.1.0.0.2.ip6.arpa. 172800 IN     NS      ns3.netcologne.de.
;; Received 139 bytes from 2001:dc0:2001:a:4608::59#53(e.ip6-servers.arpa) in 321 ms

d.f.0.d.d.4.1.0.0.2.ip6.arpa. 300 IN    NS      ns1.sixxs.net.
d.f.0.d.d.4.1.0.0.2.ip6.arpa. 300 IN    NS      ns3.sixxs.net.
d.f.0.d.d.4.1.0.0.2.ip6.arpa. 300 IN    NS      ns2.sixxs.net.
;; Received 153 bytes from 2001:4dd0:100:1020:53:1:0:3#53(ns3.netcologne.de) in 8 ms

9.1.d.f.0.d.d.4.1.0.0.2.ip6.arpa. 604800 IN NS  ns1.derchris.eu.
9.1.d.f.0.d.d.4.1.0.0.2.ip6.arpa. 604800 IN NS  ns2.derchris.eu.
9.1.d.f.0.d.d.4.1.0.0.2.ip6.arpa. 604800 IN NS  ns3.derchris.eu.
;; Received 187 bytes from 2001:770:18:8::4#53(ns1.sixxs.net) in 43 ms

ip6.arpa.               3600    IN      SOA     ns.inwx.de. mikael.illdefined.org. 2010111605 10800 3600 604800 3600
;; Received 157 bytes from 213.239.206.103#53(ns2.derchris.eu) in 33 ms
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1735
Re: RDNS for mail server
« Reply #3 on: August 02, 2012, 07:48:39 AM »

Paste your rdns zone, because the +trace shows that Sixxs delegated to 3 nameservers (assuming those 3 are the entries you put in). Perhaps something in the zone isn't correct?
Logged

derchris

  • Newbie
  • *
  • Posts: 5
Re: RDNS for mail server
« Reply #4 on: August 02, 2012, 08:10:17 AM »

That's what I think as well.
However, I have no direct access to the Zone file.
I can only add entries to my domains.
Logged

derchris

  • Newbie
  • *
  • Posts: 5
Re: RDNS for mail server
« Reply #5 on: August 02, 2012, 08:53:09 AM »

I now switched to Zonedit for the IPv6 RDNS setup, which is working:

Code:
debian:~# dig mx derchris.eu +short; dig aaaa mail.derchris.eu +short; dig -x 2001:4dd0:fd19:fefe::2 +short
10 mail.derchris.eu.
2001:4dd0:fd19:fefe::2
mail.derchris.eu.

However, the website still says

Code:
Failed to get AAAA from MX or your DOMAIN
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 962
Re: RDNS for mail server
« Reply #6 on: August 02, 2012, 01:13:25 PM »

Quote
However, the website still says

Code:
Failed to get AAAA from MX or your DOMAIN

The NS records that SixXS hands out have a one week TTL, which means you have to wait up to a week before the change takes effect.
Logged
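
Added example, not part of any poster's message and not HE or SixXS tooling: a Python sketch that reads `dig -x ... +trace` output such as the trace in Reply #2, picks out the deepest referral for the PTR name with its TTL (the point made in Reply #6), and compares it with the owner of the SOA the last server returned. The record lines are copied from Reply #2 with the upper NS sets shortened; the function and key names are hypothetical.

```python
import ipaddress

# Record lines copied from the `dig -x ... +trace` output in Reply #2; the
# ip6.arpa, netcologne and sixxs NS sets are cut to one line each.
TRACE = """\
ip6.arpa.               172800  IN      NS      d.ip6-servers.arpa.
0.d.d.4.1.0.0.2.ip6.arpa. 172800 IN     NS      ns1.netcologne.de.
d.f.0.d.d.4.1.0.0.2.ip6.arpa. 300 IN    NS      ns1.sixxs.net.
9.1.d.f.0.d.d.4.1.0.0.2.ip6.arpa. 604800 IN NS  ns1.derchris.eu.
9.1.d.f.0.d.d.4.1.0.0.2.ip6.arpa. 604800 IN NS  ns2.derchris.eu.
9.1.d.f.0.d.d.4.1.0.0.2.ip6.arpa. 604800 IN NS  ns3.derchris.eu.
;; Received 187 bytes from 2001:770:18:8::4#53(ns1.sixxs.net) in 43 ms
ip6.arpa.               3600    IN      SOA     ns.inwx.de. mikael.illdefined.org. 2010111605 10800 3600 604800 3600
;; Received 157 bytes from 213.239.206.103#53(ns2.derchris.eu) in 33 ms
"""

def parse_records(trace):
    """Return (owner, ttl, rtype, rdata) for every record line of dig output."""
    records = []
    for line in trace.splitlines():
        f = line.split()
        if len(f) >= 5 and not line.startswith(";") and f[2] == "IN":
            records.append((f[0].lower(), int(f[1]), f[3], " ".join(f[4:])))
    return records

def is_ancestor(zone, name):
    """True if `zone` is `name` itself or a parent of it (both fully qualified)."""
    return zone == "." or name == zone or name.endswith("." + zone)

def diagnose(address, trace):
    """Find the deepest referral for the PTR name and the zone that answered."""
    qname = ipaddress.ip_address(address).reverse_pointer + "."
    records = parse_records(trace)
    referrals = [r for r in records if r[2] == "NS" and is_ancestor(r[0], qname)]
    zone = max(referrals, key=lambda r: r[0].count("."))[0]
    soas = [r[0] for r in records if r[2] == "SOA"]
    soa_owner = soas[-1] if soas else None
    return {
        "qname": qname,
        "delegated_zone": zone,
        "nameservers": sorted(r[3] for r in referrals if r[0] == zone),
        "referral_ttl_days": max(r[1] for r in referrals if r[0] == zone) / 86400,
        # A negative answer carries the SOA of the zone the server answered from.
        "soa_owner": soa_owner,
        "zone_mismatch": soa_owner is not None and soa_owner != zone,
    }

if __name__ == "__main__":
    for key, value in diagnose("2001:4dd0:fd19:fefe::2", TRACE).items():
        print(f"{key}: {value}")
```

On the Reply #2 trace this reports a 7-day TTL on the final referral and an SOA owned by `ip6.arpa.` rather than by the delegated zone, which means the server that answered was not serving a zone with the delegated name as its apex.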

derchris

  • Newbie
  • *
  • Posts: 5
Re: RDNS for mail server
« Reply #7 on: August 02, 2012, 01:16:31 PM »

All fixed now, was a cache problem, which HE fixed.
Now I need to get the Sage test done.
Logged

AlexandreGuedon

  • Newbie
  • *
  • Posts: 2
    • TWD
Re: RDNS for mail server
« Reply #8 on: November 15, 2012, 05:18:07 PM »

I seem to be having the same issue:

> dig mx twd.su +short; dig aaaa mail.twd.su +short; dig -x 2001:470:1f11:649::1 +short

10 mail.twd.su.
2001:470:1f11:649::1
mail.twd.su.

Strange thing is... on ordns.he.net it works but not on ns1, ns2, etc? :)

EDIT: yep after a few hours it worked! :D
« Last Edit: November 15, 2012, 07:25:46 PM by AlexandreGuedon »
Logged