• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

MX RDNS Issue

Started by doofnet, July 16, 2009, 02:37:31 AM

Previous topic - Next topic

doofnet

As far as I can see i've got it setup and working, even setup IPv6 on the nameservers and it still doesnt work, can anyone provide some insight?

$ dig +short mx mythtv.tensixtyone.com
5 mythtv.tensixtyone.com.
$ dig +short aaaa mythtv.tensixtyone.com
2001:470:1f09:1b1::4
$ dig +short -x 2001:470:1f09:1b1::4
mythtv.tensixtyone.com.

bpier

Huh?
Looks good to me; I tested your dig commands and got the same results.

Bill

rpuckett

I can verify that forward and reverse dns works on my local lan:

$ dig whats4dinner.chickenkiller.com MX +short
10 mail.whats4dinner.chickenkiller.com.

$ dig mail.whats4dinner.chickenkiller.com AAAA +short
2001:470:f177:4:20e:b6ff:fe25:db65

$ dig -x 2001:470:f177:4:20e:b6ff:fe25:db65 +short
mail.whats4dinner.chickenkiller.com.

$ dig ns1.whats4dinner.chickenkiller.com AAAA +short
2001:470:f177::1

The "whats4dinner" domain is hosted off of external ipv4 servers but the hosting company does allow adding AAAA records. So all the forward lookups are coming from them and seem to work. I gather that rDNS would from he.net would go to these external nameservers to obtain the ip of my nameserver that is handling the IPv6 PTR records, but I never see any inbound domain lookup on my nameserver (verifying with tcpdump).

Does anyone know of a IPv6 recusive nameserver like opendns that I can use to verify how the Interwebs see me vs. local lan?

dataless

OpenDNS gives IPv6 responses.

dig ns1.whats4dinner.chickenkiller.com AAAA +short @208.67.222.222
2001:470:f177::1

Or are you wanting a strictly IPv6 NS to check?

broquea

Server that tests for the data doesn't have a problem looking up your MX, getting the AAAA and looking up the rDNS entry for the IPv6 address.

Is this still an issue?

doofnet

I still have the issue, can HE tell me what email address its trying to check?

rpuckett

Still having issues.

I still get the red "Your MX does not appear to have working RDNS" but I have verified via http://www.potaroo.net/cgi-bin/ipv6addr that RDNS is working.

I don't suppose there's a way to look at previous settings that I used in past certs to see if a parameter is causing the foo-barring?

dataless

I wonder if it's due to the fact your NS's aren't IPv6..

A whois of chickenkiller.com gives;

   Domain Name: CHICKENKILLER.COM
   Registrar: DOTSTER, INC.
   Whois Server: whois.dotster.com
   Referral URL: http://www.dotster.com
   Name Server: NS1.AFRAID.ORG
   Name Server: NS2.AFRAID.ORG
   Name Server: NS3.AFRAID.ORG
   Name Server: NS4.AFRAID.ORG
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 27-dec-2008
   Creation Date: 26-dec-2000
   Expiration Date: 26-dec-2009


# dig NS1.AFRAID.ORG AAAA +short
# dig NS2.AFRAID.ORG AAAA +short
# dig NS3.AFRAID.ORG AAAA +short
# dig NS4.AFRAID.ORG AAAA +short

No AAAA's for any of them.  Even though they give out IPv6 responses the only way to contact them is via IP4..  Maybe that's causing the failure.

Someone from HE could likely tell you for sure if that is the problem.