RDNS for mail server

Started by derchris, August 02, 2012, 07:25:12 AM

Hi folks,

I got a problem, and was wondering if you could get me some help.
I'm currently trying to do the RDNS mail server test, which is failing with

Failed to get AAAA from MX or your DOMAIN

Looking at some info from here, this is what it tries to do:

QuoteProfessional: Verify that your MTA has working reverse DNS (ex: dig mx $domain +short ; dig aaaa $mx +short ; dig -x $mxAAAA +short)

Now, I get the 2 first thing right:

debian:~# dig mx derchris.eu +short
10 mail.derchris.eu.
debian:~# dig aaaa mail.derchris.eu. +short

But the PTR check fails:

debian:~# dig -x 2001:4dd0:fd19:fefe::2

; <<>> DiG 9.7.3 <<>> -x 2001:4dd0:fd19:fefe::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4051
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0


ip6.arpa.               1771    IN      SOA     ns.inwx.de. mikael.illdefined.org. 2010111605 10800 3600 604800 3600

;; Query time: 35 msec
;; WHEN: Thu Aug  2 15:16:06 2012
;; MSG SIZE  rcvd: 157

Now, I use INWX.net for all my domains, and also use their NS.
I believe I have setup the correct PTR records there.
As my hoster has no native IPv6, I did setup an old Sixx tunnel + subnet.
My mail server is running as a Xen VM, and has an IPv6 from my Sixxs subnet.
Ping/Login all is working.

Sixxs asks to add Reverse Delegations on their website, where I added my NS.
However, it seems like I always end up with only the AUTHORITY SECTION from the dig output when I try to query my PTR records.

I do believe that I need to run either my own NS, or some other service where I can edit/add Zone files.
I'm out of ideas at the moment.
Looking at the next levels, I should be able to pass them.
It is just the RDNS at the moment.

Any help much appreciated.



This might be more suited to the SIXXS forums because of the setup required on their side.

I would agree though, you're not getting RDNS for your mail server address.

I haven't used SIXXS in a while, but from what I remember, the RDNS setup "just worked"  Does INWX allow you to do RDNS on IPv6?


Thanks for the reply.
I would rather not use the Sixxs forum, there are not really "friendly" there.  :)
Apart from that, the only thing you setup for RDNS there is to enter your NS entries. which I did.
As for INWX, I can enter PTR records on the NS config, and their NS are also IPv6, so I would say yes.

Here is another dig +trace, in case this helps:

debian:~# dig -x 2001:4dd0:fd19:fefe::2 +trace

; <<>> DiG 9.7.3 <<>> -x 2001:4dd0:fd19:fefe::2 +trace
;; global options: +cmd
.                       14794   IN      NS      f.root-servers.net.
.                       14794   IN      NS      g.root-servers.net.
.                       14794   IN      NS      d.root-servers.net.
.                       14794   IN      NS      b.root-servers.net.
.                       14794   IN      NS      e.root-servers.net.
.                       14794   IN      NS      m.root-servers.net.
.                       14794   IN      NS      k.root-servers.net.
.                       14794   IN      NS      a.root-servers.net.
.                       14794   IN      NS      j.root-servers.net.
.                       14794   IN      NS      l.root-servers.net.
.                       14794   IN      NS      h.root-servers.net.
.                       14794   IN      NS      i.root-servers.net.
.                       14794   IN      NS      c.root-servers.net.
;; Received 228 bytes from in 6 ms

ip6.arpa.               172800  IN      NS      d.ip6-servers.arpa.
ip6.arpa.               172800  IN      NS      e.ip6-servers.arpa.
ip6.arpa.               172800  IN      NS      c.ip6-servers.arpa.
ip6.arpa.               172800  IN      NS      a.ip6-servers.arpa.
ip6.arpa.               172800  IN      NS      f.ip6-servers.arpa.
ip6.arpa.               172800  IN      NS      b.ip6-servers.arpa.
;; Received 462 bytes from 2001:500:2d::d#53(d.root-servers.net) in 97 ms

0.d.d. 172800 IN     NS      ns1.netcologne.de.
0.d.d. 172800 IN     NS      ns3.netcologne.de.
;; Received 139 bytes from 2001:dc0:2001:a:4608::59#53(e.ip6-servers.arpa) in 321 ms

d.f.0.d.d. 300 IN    NS      ns1.sixxs.net.
d.f.0.d.d. 300 IN    NS      ns3.sixxs.net.
d.f.0.d.d. 300 IN    NS      ns2.sixxs.net.
;; Received 153 bytes from 2001:4dd0:100:1020:53:1:0:3#53(ns3.netcologne.de) in 8 ms

9.1.d.f.0.d.d. 604800 IN NS  ns1.derchris.eu.
9.1.d.f.0.d.d. 604800 IN NS  ns2.derchris.eu.
9.1.d.f.0.d.d. 604800 IN NS  ns3.derchris.eu.
;; Received 187 bytes from 2001:770:18:8::4#53(ns1.sixxs.net) in 43 ms

ip6.arpa.               3600    IN      SOA     ns.inwx.de. mikael.illdefined.org. 2010111605 10800 3600 604800 3600
;; Received 157 bytes from in 33 ms


Paste your rdns zone, because the +trace shows that Sixxs delegated to 3 nameservers (assuming those 3 are the entries you put in). Perhaps something in the zone isn't correct?


That's what I think as well.
However, I have no direct access to the Zone file.
I can only add entries to my domains.


I now switched to Zonedit for the IPv6 RDNS setup, which is working:

debian:~# dig mx derchris.eu +short; dig aaaa mail.derchris.eu +short; dig -x 2001:4dd0:fd19:fefe::2 +short
10 mail.derchris.eu.

However, the website still says

Failed to get AAAA from MX or your DOMAIN


Quote from: derchris on August 02, 2012, 08:53:09 AMHowever, the website still says

Failed to get AAAA from MX or your DOMAIN
The NS records that SixXS hands out have a one week TTL, which means you have to wait up to a week before the change takes effect.


All fixed now, was a cache problem, which HE fixed.
Now I need to get the Sage test done.


I seem to be having the same issue:

> dig mx twd.su +short; dig aaaa mail.twd.su +short; dig -x 2001:470:1f11:649::1 +short

10 mail.twd.su.

Strange thing is... on ordns.he.net it works but not on ns1, ns2, etc? :)

EDIT: yep after a few hours it worked! :D
