Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Failed to get AAAA from MX or your DOMAIN  (Read 14154 times)

ajsphila

  • Newbie
  • *
  • Posts: 2
Failed to get AAAA from MX or your DOMAIN
« on: August 15, 2009, 09:53:17 AM »

Hi,

When going through the reverse DNS check for the cert, I keep getting the 'Failed to get AAAA from MX or your DOMAIN' error.

What exactly is it trying to query?  I successfully got my email @lemon.ivy.net, and if I dig my reverse v6 address from various places around the internet, the delegation seems to work fine.

Quote
[ajs@lazardo ~]$ dig -x 2001:470:1f07:b:210:5aff:fea7:e8 +trace

; <<>> DiG 9.3.4-P1 <<>> -x 2001:470:1f07:b:210:5aff:fea7:e8 +trace
;; global options:  printcmd
.         3600000   IN   NS   M.ROOT-SERVERS.NET.
.         3600000   IN   NS   A.ROOT-SERVERS.NET.
.         3600000   IN   NS   B.ROOT-SERVERS.NET.
.         3600000   IN   NS   C.ROOT-SERVERS.NET.
.         3600000   IN   NS   D.ROOT-SERVERS.NET.
.         3600000   IN   NS   E.ROOT-SERVERS.NET.
.         3600000   IN   NS   F.ROOT-SERVERS.NET.
.         3600000   IN   NS   G.ROOT-SERVERS.NET.
.         3600000   IN   NS   H.ROOT-SERVERS.NET.
.         3600000   IN   NS   I.ROOT-SERVERS.NET.
.         3600000   IN   NS   J.ROOT-SERVERS.NET.
.         3600000   IN   NS   K.ROOT-SERVERS.NET.
.         3600000   IN   NS   L.ROOT-SERVERS.NET.
;; Received 228 bytes from 207.245.82.2#53(207.245.82.2) in 4 ms

ip6.arpa.      172800   IN   NS   NS-SEC.RIPE.NET.
ip6.arpa.      172800   IN   NS   NS2.LACNIC.NET.
ip6.arpa.      172800   IN   NS   TINNIE.ARIN.NET.
ip6.arpa.      172800   IN   NS   NS.ICANN.ORG.
ip6.arpa.      172800   IN   NS   SEC1.APNIC.NET.
;; Received 221 bytes from 2001:dc3::35#53(M.ROOT-SERVERS.NET) in 88 ms

0.7.4.0.1.0.0.2.ip6.arpa. 10800   IN   NS   ns3.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800   IN   NS   ns5.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800   IN   NS   ns2.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800   IN   NS   ns4.he.net.
0.7.4.0.1.0.0.2.ip6.arpa. 10800   IN   NS   ns1.he.net.
;; Received 186 bytes from 2001:610:240:0:53::4#53(NS-SEC.RIPE.NET) in 92 ms

b.0.0.0.7.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 4900 IN NS lemon.ivy.net.
;; Received 117 bytes from 2001:470:300::2#53(ns3.he.net) in 83 ms

8.e.0.0.7.a.e.f.f.f.a.5.0.1.2.0.b.0.0.0.7.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 86400   IN PTR lemon.ivy.net.
b.0.0.0.7.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 86400   IN NS lemon.ivy.net.
;; Received 175 bytes from 2001:470:1f07:b:210:5aff:fea7:e8#53(lemon.ivy.net) in 32 ms

Logged

kriteknetworks

  • Sr. Member
  • ****
  • Posts: 260
    • aRDy Music
Re: Failed to get AAAA from MX or your DOMAIN
« Reply #1 on: August 15, 2009, 12:59:14 PM »

dig your_domain MX, see if it gets an AAAA record.
Logged

dataless

  • Newbie
  • *
  • Posts: 26
Re: Failed to get AAAA from MX or your DOMAIN
« Reply #2 on: August 15, 2009, 07:38:13 PM »

I don't see an MX for lemon.ivy.net (I'm assuming you are wanting to use someone@lemon.ivy.net for the test).

The MX for ivy.net doesn't have an AAAA record, but I'm assuming that's why you were using lemon.ivy.net instead.

Code: [Select]
[root@jet ~]# dig lemon.ivy.net MX

; <<>> DiG 9.3.4-P1 <<>> lemon.ivy.net MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22225
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;lemon.ivy.net.                 IN      MX

;; AUTHORITY SECTION:
ivy.net.                900     IN      SOA     castrovalva.ivy.net. carton.ivy.net. 269 2400 960 3456000 900

;; Query time: 168 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Aug 15 21:39:18 2009
;; MSG SIZE  rcvd: 86

[root@jet ~]# dig ivy.net MX

; <<>> DiG 9.3.4-P1 <<>> ivy.net MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25393
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ivy.net.                       IN      MX

;; ANSWER SECTION:
ivy.net.                72000   IN      MX      10 sakima.ivy.net.

;; AUTHORITY SECTION:
ivy.net.                72000   IN      NS      ns.aculei.net.
ivy.net.                72000   IN      NS      ns-castrovalva.ivy.net.

;; ADDITIONAL SECTION:
sakima.ivy.net.         72000   IN      A       69.31.131.60

;; Query time: 130 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Aug 15 21:39:45 2009
;; MSG SIZE  rcvd: 117

[root@jet ~]# dig sakima.ivy.net AAAA

; <<>> DiG 9.3.4-P1 <<>> sakima.ivy.net AAAA
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2556
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sakima.ivy.net.                        IN      AAAA

;; AUTHORITY SECTION:
ivy.net.                900     IN      SOA     castrovalva.ivy.net. carton.ivy.net. 269 2400 960 3456000 900

;; Query time: 78 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Aug 15 21:39:51 2009
;; MSG SIZE  rcvd: 87
« Last Edit: August 15, 2009, 07:39:52 PM by dataless »
Logged

dstest01

  • Newbie
  • *
  • Posts: 17
Re: Failed to get AAAA from MX or your DOMAIN
« Reply #3 on: September 10, 2009, 07:11:25 AM »

Hi,

i've the same problem (or at least got the same error message), but i can't see anything wrong with my MX record.

Code: [Select]
# dig @2001:470:20::2 six.trds.de mx

; <<>> DiG 9.4.3-P3 <<>> @2001:470:20::2 six.trds.de mx
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35035
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;six.trds.de.                   IN      MX

;; ANSWER SECTION:
six.trds.de.            60      IN      MX      10 helios.six.trds.de.

;; ADDITIONAL SECTION:
helios.six.trds.de.     60      IN      AAAA    2001:470:1f0b:751::101

;; Query time: 88 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Thu Sep 10 15:54:02 2009
;; MSG SIZE  rcvd: 80

Result is the same for two other public DNS servers i tested. The only problem i could imagine is the nameserver for trds.de, which is IPv4 only (beyond my control), but as the webserver test worked fine, i'm really wondering...

Any suggestions?
Logged

maestroevolution

  • Newbie
  • *
  • Posts: 49
Re: Failed to get AAAA from MX or your DOMAIN
« Reply #4 on: September 11, 2009, 11:33:23 AM »

You need to add an 'A' record for your nameservers for that test to pass.

(I know, I know.  It's an IPv6 test, and your nameservers may be IPv6 only).

I created a pseudo-dummy A record for my nameservers, and it passed (although it did take a few clicks o the 'submit' button ... I think that HE's nameservers try IPv4 connectivity first)

Joel

joel@maestro:~$ dig @74.82.42.42 ns six.trds.de

; <<>> DiG 9.5.1-P2 <<>> @74.82.42.42 ns six.trds.de
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2467
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;six.trds.de.         IN   NS

;; ANSWER SECTION:
six.trds.de.      53   IN   NS   ns1.six.trds.de.

;; ADDITIONAL SECTION:
ns1.six.trds.de.   53   IN   AAAA   2001:470:1f0b:751::53

;; Query time: 61 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri Sep 11 13:30:43 2009
;; MSG SIZE  rcvd: 75

joel@maestro:~$ dig @74.82.42.42 a ns1.six.trds.de

; <<>> DiG 9.5.1-P2 <<>> @74.82.42.42 a ns1.six.trds.de
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53161
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.six.trds.de.      IN   A

;; Query time: 68 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri Sep 11 13:31:08 2009
;; MSG SIZE  rcvd: 33

joel@maestro:~$
Logged

kriteknetworks

  • Sr. Member
  • ****
  • Posts: 260
    • aRDy Music
Re: Failed to get AAAA from MX or your DOMAIN
« Reply #5 on: September 11, 2009, 01:35:59 PM »

Registrars will accept registering a name server with ipv6 only?
Logged

dstest01

  • Newbie
  • *
  • Posts: 17
Re: Failed to get AAAA from MX or your DOMAIN
« Reply #6 on: September 12, 2009, 01:35:24 AM »

You need to add an 'A' record for your nameservers for that test to pass.

[...]

You're right, it worked by hacking in my (non-static) IPv4 address as second nameserver. Rushed through until the sage test, but felt like cheating... ;)
Logged

maestroevolution

  • Newbie
  • *
  • Posts: 49
Re: Failed to get AAAA from MX or your DOMAIN
« Reply #7 on: September 15, 2009, 11:06:40 AM »

You need to add an 'A' record for your nameservers for that test to pass.

[...]

You're right, it worked by hacking in my (non-static) IPv4 address as second nameserver. Rushed through until the sage test, but felt like cheating... ;)

I felt the same way.  Of course, I also though it was silly that it checks for IPv4 addresses on an IPv6 test.
Logged

maestroevolution

  • Newbie
  • *
  • Posts: 49
Re: Failed to get AAAA from MX or your DOMAIN
« Reply #8 on: September 15, 2009, 11:22:24 AM »

Registrars will accept registering a name server with ipv6 only?

This wasn't a registrar delegation of a domain.  This was the sub-delegation of the PTR records from HE to your DNS server.

Apparently that test defaults to using IPv4 connectivity to your DNS server.  As I never intended that server to be reachable via IPv4 (because if you want PTR records for IPv6, you should be speaking IPv6), I originally created a AAAA record for it.  For this test, if there's no 'A' record for your IPv6 DNS server, the test fails.  If there is an A record, it'll try, fail, then try a AAAA lookup, and succeed.

Kinda a quirk of the test...  I would prefer it to prefer IPv6 transport to your DNS server by querying for AAAA first... but hey, I passed.

Joel
Logged