Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Pages: [1] 2

Author Topic: RDNS test  (Read 13586 times)

iip

  • Newbie
  • *
  • Posts: 10
RDNS test
« on: June 23, 2009, 07:56:47 PM »

I fail this test with "Your MX does not appear to have working RDNS".

My test however works:
Code: [Select]
; <<>> DiG 9.3.5-P1 <<>> -x 2001:470:1f0b:2c4::100:1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27931
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;1.0.0.0.0.0.1.0.0.0.0.0.0.0.0.0.4.c.2.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR

;; ANSWER SECTION:
1.0.0.0.0.0.1.0.0.0.0.0.0.0.0.0.4.c.2.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 258813 IN PTR ipv6-mx.iip.lu.

;; AUTHORITY SECTION:
4.c.2.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 258813 IN NS b.ns.iip.lu.
4.c.2.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 258813 IN NS a.ns.iip.lu.

;; Query time: 1 msec
;; SERVER: 134.96.230.233#53(134.96.230.233)
;; WHEN: Wed Jun 24 04:51:15 2009
;; MSG SIZE  rcvd: 153

Also the DIG PTR test fails. Why?

Code: [Select]
Summary of user's dig query
IPv6 Address: 2001:470:1f0b:2c4::100:1
Status: NOERROR
Reverse ip6.arpa:
1.0.0.0.0.0.1.0.0.0.0.0.0.0.0.0.4.c.2.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.

Validating user's dig query
Result: Fail
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1731
Re: RDNS test
« Reply #1 on: June 23, 2009, 09:33:39 PM »

Caching NS reloads cache every 6 hrs. Now it shows up correctly on the server
Logged

iip

  • Newbie
  • *
  • Posts: 10
Re: RDNS test
« Reply #2 on: June 24, 2009, 07:55:37 AM »

Ah ok.
Maybe for those tests it would be more meaningful not to ask the cache but the concerned nameserver directly.
Logged

chawbreaker

  • Newbie
  • *
  • Posts: 2
Re: RDNS test
« Reply #3 on: July 08, 2009, 09:51:46 AM »

Caching NS reloads cache every 6 hrs. Now it shows up correctly on the server

Does that mean the cache ignores the TTL on returned RRs?

I set the forward TTL to an hour just in case I needed to change it (and I did) with a rDNS TTL to 5 minutes. Since the email test I've had to change the MX record to a different IP address so I could add the rDNS properly. Even with such a low TTL and the testing system having sent the email 2 hours ago it doesn't seem to be looking up the right information.

Should I just wait the 6 hours and see if it's fixed itself by then? I'm using the anycast resolver at 2001:470:20::2 to get see if that at least has the correct answers.

The test doesn't give much feedback on the failures either. It would be nice if it was a little more verbose on which hosts it was testing and where it failed. It would be very embarrassing if I still had it mis-configured at this point :P
Logged

chawbreaker

  • Newbie
  • *
  • Posts: 2
Re: RDNS test
« Reply #4 on: July 08, 2009, 06:09:34 PM »

You're using an IPv4 resolver. That should probably be mentioned in the test as I had set up an IPv6 only version.
Logged

iip

  • Newbie
  • *
  • Posts: 10
Re: RDNS test
« Reply #5 on: July 08, 2009, 06:15:38 PM »

You're using an IPv4 resolver. That should probably be mentioned in the test as I had set up an IPv6 only version.

Since at that point in the test there still need not be any IPv6 glue at the registrar, using IPv4 for DNS seems logical however.
Logged

bpier

  • Newbie
  • *
  • Posts: 22
Re: RDNS test
« Reply #6 on: July 13, 2009, 11:43:27 AM »

WTF?

I've not setup my email server to receive on an IPv4 address!
This cert. stuff is all about IPv6!
My rDNS setup works fine for my IPv6 address, so why is the test failing?
The message is less than explanatory and not helpful at all.
Logged

yorick

  • Newbie
  • *
  • Posts: 15
Re: RDNS test
« Reply #7 on: August 05, 2009, 04:58:01 AM »

I'm really glad this test was included. My tunnel's been up since Jan 3rd 2008, and I had not noticed that my routed /64 was not the point-to-point - no idea whether that changed at some point along the line, I swear at one point there was no distinction.

So, yeah, trying to set up reverse delegation for the point-to-point - not so successful. I have good hopes that once freedns.org is back up, I can correct and increment that third dword by one, and have working reverse DNS.

Oops?

Wondering whether the OP has a similar "oh dang that _is_ 1f07 after all, not 1f06" kind of issue.
Logged

RayH

  • Newbie
  • *
  • Posts: 4
Re: RDNS test
« Reply #8 on: September 30, 2010, 05:01:54 AM »

Also got hit by the caching issue. Agree with previous posters that it would be useful to give more debugging output, and also possibly have the option of manually clearing the cache before retesting.
Logged

tclement

  • Newbie
  • *
  • Posts: 8
Re: RDNS test
« Reply #9 on: November 06, 2010, 02:53:44 PM »

I"m having the same problem / error

Your MX does not appear to have working RDNS



c:\programs\dig>dig @ns1.he.net  -x 2001:5c0:150c:7200::1

; <<>> DiG 9.3.2 <<>> @ns1.he.net -x 2001:5c0:150c:7200::1
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 696
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.7.c.0.5.1.0.c.5.0.1.0.0.2.ip6.arpa. IN PT
R

;; ANSWER SECTION:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.7.c.0.5.1.0.c.5.0.1.0.0.2.ip6.arpa. 86400
IN PTR theclements.info.

;; Query time: 150 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Sat Nov 06 16:25:09 2010
;; MSG SIZE  rcvd: 120
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1731
Re: RDNS test
« Reply #10 on: November 06, 2010, 03:11:30 PM »

Doesn't look delegated to ns1.he.net

Code: [Select]
~$ dig -x 2001:5c0:150c:7200::1 +trace

; <<>> DiG 9.7.0-P1 <<>> -x 2001:5c0:150c:7200::1 +trace
;; global options: +cmd
. 86114 IN NS f.root-servers.net.
. 86114 IN NS d.root-servers.net.
. 86114 IN NS i.root-servers.net.
. 86114 IN NS k.root-servers.net.
. 86114 IN NS l.root-servers.net.
. 86114 IN NS m.root-servers.net.
. 86114 IN NS c.root-servers.net.
. 86114 IN NS h.root-servers.net.
. 86114 IN NS e.root-servers.net.
. 86114 IN NS a.root-servers.net.
. 86114 IN NS b.root-servers.net.
. 86114 IN NS g.root-servers.net.
. 86114 IN NS j.root-servers.net.
;; Received 497 bytes from 74.82.42.42#53(74.82.42.42) in 1 ms

arpa. 172800 IN NS d.root-servers.net.
arpa. 172800 IN NS l.root-servers.net.
arpa. 172800 IN NS e.root-servers.net.
arpa. 172800 IN NS m.root-servers.net.
arpa. 172800 IN NS i.root-servers.net.
arpa. 172800 IN NS a.root-servers.net.
arpa. 172800 IN NS g.root-servers.net.
arpa. 172800 IN NS b.root-servers.net.
arpa. 172800 IN NS f.root-servers.net.
arpa. 172800 IN NS h.root-servers.net.
arpa. 172800 IN NS c.root-servers.net.
arpa. 172800 IN NS k.root-servers.net.
;; Received 510 bytes from 2001:503:c27::2:30#53(j.root-servers.net) in 3 ms

ip6.arpa. 172800 IN NS ns.icann.org.
ip6.arpa. 172800 IN NS ns2.lacnic.net.
ip6.arpa. 172800 IN NS sec1.apnic.net.
ip6.arpa. 172800 IN NS ns-sec.ripe.net.
ip6.arpa. 172800 IN NS tinnie.arin.net.
;; Received 229 bytes from 2001:500:1::803f:235#53(h.root-servers.net) in 76 ms

0.c.5.0.1.0.0.2.ip6.arpa. 10800 IN NS ns1.gogo6.com.
0.c.5.0.1.0.0.2.ip6.arpa. 10800 IN NS ns2.gogo6.com.
;; Received 135 bytes from 2001:dc0:2001:a:4608::59#53(sec1.apnic.net) in 175 ms

1.0.c.5.0.1.0.0.2.ip6.arpa. 1800 IN SOA ns1.gogo6.com. support.gogo6.com. 2012552141 10800 900 604800 86400
;; Received 147 bytes from 2001:5c0:1001::194#53(ns2.gogo6.com) in 83 ms
Logged

tclement

  • Newbie
  • *
  • Posts: 8
Re: RDNS test
« Reply #11 on: November 06, 2010, 03:33:07 PM »

thanks,  any tips how I delegate to he.net ?  I'm at a complete loss at this point.

thanks for any help
Logged

tclement

  • Newbie
  • *
  • Posts: 8
Re: RDNS test
« Reply #12 on: November 06, 2010, 03:35:28 PM »

Here is the result of my dig (specifying ns1.he.net)


c:\programs\dig>dig @ns1.he.net  -x 2001:5c0:150c:7200::1

; <<>> DiG 9.3.2 <<>> @ns1.he.net -x 2001:5c0:150c:7200::1
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.7.c.0.5.1.0.c.5.0.1.0.0.2.ip6.arpa. IN PT
R

;; ANSWER SECTION:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.7.c.0.5.1.0.c.5.0.1.0.0.2.ip6.arpa. 86400
IN PTR theclements.info.

;; Query time: 150 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Sat Nov 06 17:34:02 2010
;; MSG SIZE  rcvd: 120


c:\programs\dig>
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1731
Re: RDNS test
« Reply #13 on: November 06, 2010, 03:41:06 PM »

Nothing wrong with your dig, it is just that we don't query ns1-5.he.net as they aren't caching recursors, only authoritative, so no machine on our network would ever use them for DNS lookups. You'll need to look at gogo6 and how they delegate rDNS for their allocations.
Logged

tclement

  • Newbie
  • *
  • Posts: 8
Re: RDNS test
« Reply #14 on: November 06, 2010, 08:02:17 PM »

The gogoclient reverse dns configuration seems easy.

I just list the ns1.he.net:ns2.he.net:ns3.he.net:ns4.he.net in the field and it is supposed to delegate.

I can't find anything in the docs or web that talks about this.

Any advice ?

thanks
Tim
Logged
Pages: [1] 2